diff --git a/docs/security/agent/grype-25.10.1.json b/docs/security/agent/grype-25.10.1.json index c60eb2c..d7af24d 100644 --- a/docs/security/agent/grype-25.10.1.json +++ b/docs/security/agent/grype-25.10.1.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -198,7 +198,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -210,7 +210,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -277,7 +277,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -289,7 +289,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -372,8 +372,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -417,8 +417,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -512,8 +512,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -557,8 +557,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -652,8 +652,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -718,8 +718,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -821,8 +821,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -887,8 +887,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -990,8 +990,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1046,8 +1046,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1138,8 +1138,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1147,7 +1147,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1171,7 +1171,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1186,8 +1186,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1195,7 +1195,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1278,8 +1278,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1349,8 +1349,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1452,8 +1452,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1523,8 +1523,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1626,8 +1626,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1675,8 +1675,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1767,8 +1767,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1816,8 +1816,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1919,8 +1919,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1967,8 +1967,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -2059,8 +2059,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2126,8 +2126,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2224,8 +2224,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2299,8 +2299,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2397,8 +2397,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2458,8 +2458,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2555,8 +2555,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2616,8 +2616,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2713,8 +2713,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2809,8 +2809,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2913,8 +2913,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2972,8 +2972,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3064,8 +3064,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3123,8 +3123,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3201,6 +3201,147 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03618 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + ], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-3360", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-6965", @@ -3226,8 +3367,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3303,8 +3444,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3409,8 +3550,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3418,7 +3559,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3442,7 +3583,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3457,8 +3598,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3466,7 +3607,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3549,8 +3690,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3599,8 +3740,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3668,20 +3809,20 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3689,18 +3830,18 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3708,48 +3849,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3764,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3792,13 +3932,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3832,8 +3972,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3880,8 +4020,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3896,7 +4036,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3905,7 +4045,7 @@ }, "package": { "name": "pcre2", - "version": "0:10.40-6.el9" + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -3916,8 +4056,8 @@ } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", "version": "10.40-6.el9", "type": "rpm", "locations": [ @@ -3935,154 +4075,14 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "pcre2", - "version": "10.40-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ @@ -4123,8 +4123,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -4165,8 +4165,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -4249,8 +4249,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4292,8 +4292,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4387,8 +4387,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4430,8 +4430,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4502,36 +4502,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4542,25 +4542,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4571,15 +4571,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4603,7 +4603,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4642,36 +4642,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4682,25 +4682,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4711,15 +4711,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4743,7 +4743,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4793,36 +4793,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4833,25 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4862,15 +4862,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4894,7 +4894,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4948,36 +4948,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4988,25 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5017,15 +5017,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -5049,7 +5049,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -5103,96 +5103,68 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5200,17 +5172,17 @@ ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -5218,7 +5190,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5226,24 +5198,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5257,25 +5226,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5285,20 +5243,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5306,18 +5264,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5325,54 +5283,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5380,21 +5338,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5408,37 +5366,48 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5446,18 +5415,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5465,54 +5434,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5520,21 +5489,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5548,14 +5517,29 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5565,17 +5549,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5586,18 +5570,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5605,28 +5589,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5637,18 +5618,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5663,21 +5644,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5691,23 +5672,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5719,71 +5704,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5791,18 +5801,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5817,21 +5827,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -5845,23 +5858,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -5873,113 +5886,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01736 + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6000,11 +5987,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], @@ -6042,121 +6026,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6171,24 +6121,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6202,104 +6149,79 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6316,24 +6238,18 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6348,24 +6264,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6379,231 +6292,125 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "b2050fe1de2cbb81", - "name": "fluent-bit", - "version": "25.10.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014399999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6611,21 +6418,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6639,14 +6446,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6656,111 +6474,113 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014105 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -6775,21 +6595,24 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6803,13 +6626,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6842,9 +6665,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6874,7 +6697,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -6884,6 +6707,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -6907,9 +6732,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6980,87 +6805,121 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013064999999999998 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7075,21 +6934,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7103,156 +6965,145 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { "versions": [ - "0:2.3.3-5.el9_7" + "1:3.5.1-4.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "risk": 0.012240000000000003 + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7260,24 +7111,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7291,56 +7142,67 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7348,47 +7210,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7403,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7431,13 +7307,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7448,20 +7324,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7469,24 +7345,24 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7494,54 +7370,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7556,21 +7443,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -7584,13 +7471,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7601,39 +7488,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29477", + "cve": "CVE-2025-29478", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -7644,151 +7531,324 @@ "state": "" }, "advisories": [], - "risk": 0.0105 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b2050fe1de2cbb81", + "name": "fluent-bit", + "version": "25.10.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.1" - } + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b2050fe1de2cbb81", - "name": "fluent-bit", - "version": "25.10.1", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7803,21 +7863,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7831,13 +7894,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7848,37 +7911,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7888,59 +7951,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.01072 }, "relatedVulnerabilities": [ - { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7957,21 +8006,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -7985,13 +8034,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8002,20 +8051,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -8023,18 +8072,24 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -8042,54 +8097,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8097,21 +8159,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -8125,19 +8187,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8147,184 +8204,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.1" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "b2050fe1de2cbb81", + "name": "fluent-bit", + "version": "25.10.1", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -8332,54 +8345,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8387,21 +8406,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8415,19 +8434,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8437,39 +8451,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8477,54 +8491,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8532,21 +8560,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8563,16 +8591,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8582,38 +8605,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8626,43 +8649,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8670,7 +8692,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8678,21 +8700,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8706,14 +8728,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8723,38 +8750,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8767,43 +8794,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8819,21 +8845,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8847,23 +8873,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8875,38 +8895,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8919,43 +8939,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8971,21 +8990,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8999,27 +9018,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9031,38 +9040,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9075,43 +9084,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9127,21 +9135,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -9155,27 +9163,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9187,44 +9185,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9233,68 +9225,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9310,21 +9281,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9338,13 +9309,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9355,38 +9326,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9395,51 +9366,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9447,7 +9414,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9455,21 +9422,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9483,55 +9450,66 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9540,51 +9518,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9600,21 +9574,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9628,66 +9602,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9696,52 +9674,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9757,21 +9730,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9785,23 +9758,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -9813,20 +9790,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9834,17 +9811,23 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9853,33 +9836,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9895,21 +9913,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9923,13 +9941,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9940,38 +9958,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9980,33 +9998,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10014,7 +10050,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10022,21 +10058,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10050,66 +10086,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -10118,33 +10143,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10160,21 +10203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10188,70 +10231,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10260,33 +10299,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10302,21 +10360,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -10330,27 +10388,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -10385,8 +10439,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10394,7 +10448,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -10447,8 +10501,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10456,7 +10510,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -10539,8 +10593,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10600,8 +10654,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10692,8 +10746,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10760,8 +10814,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10869,8 +10923,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -10935,8 +10989,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -11033,8 +11087,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11095,8 +11149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11187,8 +11241,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11248,8 +11302,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11340,8 +11394,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11381,8 +11435,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11476,8 +11530,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11517,8 +11571,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11612,8 +11666,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11673,8 +11727,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11740,6 +11794,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11950,7 +12132,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -12064,6 +12246,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -12113,91 +12305,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.10.1.md b/docs/security/agent/grype-25.10.1.md index 5d230e9..e7e19f8 100644 --- a/docs/security/agent/grype-25.10.1.md +++ b/docs/security/agent/grype-25.10.1.md @@ -18,10 +18,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | fluent-bit | 25.10.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.10.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -52,13 +52,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -73,13 +77,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.10.json b/docs/security/agent/grype-25.10.10.json index 38d8f73..6a165e8 100644 --- a/docs/security/agent/grype-25.10.10.json +++ b/docs/security/agent/grype-25.10.10.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -34,7 +34,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -46,7 +46,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -113,7 +113,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -125,7 +125,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -208,8 +208,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -253,8 +253,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -348,8 +348,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -393,8 +393,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -488,8 +488,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -554,8 +554,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -657,8 +657,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -723,8 +723,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -826,8 +826,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -882,8 +882,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -974,8 +974,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -983,7 +983,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1007,7 +1007,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1022,8 +1022,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1031,7 +1031,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1114,8 +1114,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1185,8 +1185,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1288,8 +1288,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1359,8 +1359,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1462,8 +1462,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1511,8 +1511,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1603,8 +1603,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1652,8 +1652,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1755,8 +1755,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1895,8 +1895,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -1962,8 +1962,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2060,8 +2060,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2135,8 +2135,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2233,8 +2233,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2294,8 +2294,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2391,8 +2391,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2452,8 +2452,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2549,8 +2549,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2645,8 +2645,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2749,8 +2749,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2808,8 +2808,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2900,8 +2900,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2959,8 +2959,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3039,39 +3039,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3079,47 +3079,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034499999999999996 + "risk": 0.03618 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3140,7 +3141,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } @@ -3179,20 +3180,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3200,18 +3201,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3219,25 +3220,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3250,18 +3249,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -3276,21 +3275,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3304,13 +3303,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3321,39 +3320,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3361,48 +3360,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3417,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -3445,13 +3445,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3485,8 +3485,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3533,8 +3533,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3625,8 +3625,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3673,8 +3673,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3776,8 +3776,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -3818,8 +3818,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -3902,8 +3902,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -3945,8 +3945,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4040,8 +4040,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4083,8 +4083,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4155,36 +4155,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4195,25 +4195,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4224,15 +4224,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4256,7 +4256,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4295,36 +4295,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4335,25 +4335,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4364,15 +4364,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4396,7 +4396,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4446,36 +4446,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4486,25 +4486,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4515,15 +4515,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4547,7 +4547,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4601,36 +4601,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4641,25 +4641,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4670,15 +4670,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4702,7 +4702,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4756,20 +4756,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4777,18 +4777,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4796,47 +4796,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4851,21 +4851,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4879,13 +4879,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4896,20 +4896,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4917,18 +4917,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4936,54 +4936,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4991,21 +4991,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5019,14 +5019,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5036,17 +5047,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5057,18 +5068,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5076,28 +5087,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5108,18 +5116,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5134,21 +5142,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5162,23 +5170,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5190,17 +5202,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5211,18 +5223,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5230,28 +5242,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5262,18 +5271,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5288,21 +5297,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5316,23 +5325,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5344,134 +5357,179 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2026-0992", "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019765 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.10" - } + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "af1ef2b90efeccfe", - "name": "fluent-bit", - "version": "25.10.10", - "type": "binary", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.10", - "upstreams": [] + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5479,61 +5537,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5548,21 +5592,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -5576,13 +5620,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5593,42 +5637,36 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5639,62 +5677,201 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5704,7 +5881,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5712,21 +5889,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -5740,14 +5917,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5779,9 +5967,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5811,7 +5999,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -5821,6 +6009,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -5844,9 +6034,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5917,39 +6107,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "No description is available for this CVE.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5957,47 +6147,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} - } + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6012,21 +6216,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6040,13 +6244,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6057,130 +6261,109 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -6197,24 +6380,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6228,13 +6408,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6245,185 +6425,134 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01072 + "risk": 0.013649999999999999 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" - ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.10" + } }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", - "type": "rpm", + "id": "af1ef2b90efeccfe", + "name": "fluent-bit", + "version": "25.10.10", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.10", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6431,54 +6560,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.013064999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "disclosure@vulncheck.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6493,21 +6615,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6521,13 +6643,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6538,194 +6660,132 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0105 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.10" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "af1ef2b90efeccfe", - "name": "fluent-bit", - "version": "25.10.10", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.10", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6740,21 +6800,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -6768,13 +6831,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6785,37 +6848,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6825,59 +6888,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.01072 }, "relatedVulnerabilities": [ - { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6894,21 +6943,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6922,13 +6971,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6939,20 +6988,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6960,18 +7009,24 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -6979,54 +7034,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7034,21 +7096,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -7062,19 +7124,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7084,184 +7141,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.10" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "af1ef2b90efeccfe", + "name": "fluent-bit", + "version": "25.10.10", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.10", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7269,54 +7282,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7324,21 +7343,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7352,19 +7371,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7374,39 +7388,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7414,54 +7428,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7469,21 +7497,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7500,16 +7528,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7519,38 +7542,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7563,43 +7586,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7607,7 +7629,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7615,21 +7637,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7643,14 +7665,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7660,38 +7687,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7704,43 +7731,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7756,21 +7782,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7784,23 +7810,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7812,38 +7832,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7856,43 +7876,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7908,21 +7927,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7936,27 +7955,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7968,38 +7977,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8012,43 +8021,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8064,21 +8072,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8092,27 +8100,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8124,44 +8122,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8170,68 +8162,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8247,21 +8218,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8275,13 +8246,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8292,38 +8263,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8332,51 +8303,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8384,7 +8351,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8392,21 +8359,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8420,55 +8387,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8477,51 +8455,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8537,21 +8511,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8565,66 +8539,70 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8633,52 +8611,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8694,21 +8667,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8722,23 +8695,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -8750,20 +8727,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8771,17 +8748,23 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -8790,33 +8773,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8832,21 +8850,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8860,13 +8878,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8877,38 +8895,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -8917,33 +8935,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8951,7 +8987,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8959,21 +8995,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8987,66 +9023,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9055,33 +9080,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9097,21 +9140,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9125,70 +9168,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9197,33 +9236,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9239,21 +9297,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9267,27 +9325,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -9322,8 +9376,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9331,7 +9385,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -9384,8 +9438,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9393,7 +9447,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -9476,8 +9530,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9537,8 +9591,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9629,8 +9683,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9697,8 +9751,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9806,8 +9860,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9872,8 +9926,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9970,8 +10024,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10032,8 +10086,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10124,8 +10178,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10185,8 +10239,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10277,8 +10331,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10318,8 +10372,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10413,8 +10467,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10454,8 +10508,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10549,8 +10603,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10610,8 +10664,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10677,6 +10731,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -10895,7 +11077,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -11009,6 +11191,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -11058,91 +11250,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.10.10.md b/docs/security/agent/grype-25.10.10.md index 8ebf5ea..ad77e9c 100644 --- a/docs/security/agent/grype-25.10.10.md +++ b/docs/security/agent/grype-25.10.10.md @@ -15,8 +15,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.10.10 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| fluent-bit | 25.10.10 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.10.10 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -46,13 +46,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -67,13 +71,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.11.json b/docs/security/agent/grype-25.10.11.json index 6f65e96..8c46ee9 100644 --- a/docs/security/agent/grype-25.10.11.json +++ b/docs/security/agent/grype-25.10.11.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -34,7 +34,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -46,7 +46,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -113,7 +113,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -125,7 +125,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -208,8 +208,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -253,8 +253,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -348,8 +348,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -393,8 +393,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -488,8 +488,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -554,8 +554,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -657,8 +657,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -723,8 +723,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -826,8 +826,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -882,8 +882,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -974,8 +974,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -983,7 +983,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1007,7 +1007,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1022,8 +1022,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1031,7 +1031,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1114,8 +1114,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1185,8 +1185,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1288,8 +1288,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1359,8 +1359,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1462,8 +1462,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1511,8 +1511,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1603,8 +1603,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1652,8 +1652,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1755,8 +1755,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1895,8 +1895,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -1962,8 +1962,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2060,8 +2060,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2135,8 +2135,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2233,8 +2233,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2294,8 +2294,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2391,8 +2391,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2452,8 +2452,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2549,8 +2549,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2645,8 +2645,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2749,8 +2749,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2808,8 +2808,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2900,8 +2900,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2959,8 +2959,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3039,39 +3039,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3079,47 +3079,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034499999999999996 + "risk": 0.03618 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3140,7 +3141,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } @@ -3179,20 +3180,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3200,18 +3201,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3219,25 +3220,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3250,18 +3249,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -3276,21 +3275,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3304,13 +3303,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3321,39 +3320,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3361,48 +3360,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3417,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -3445,13 +3445,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3485,8 +3485,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3533,8 +3533,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3625,8 +3625,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3673,8 +3673,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3776,8 +3776,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -3818,8 +3818,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -3902,8 +3902,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -3945,8 +3945,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4040,8 +4040,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4083,8 +4083,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4155,36 +4155,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4195,25 +4195,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4224,15 +4224,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4256,7 +4256,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4295,36 +4295,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4335,25 +4335,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4364,15 +4364,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4396,7 +4396,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4446,36 +4446,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4486,25 +4486,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4515,15 +4515,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4547,7 +4547,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4601,36 +4601,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4641,25 +4641,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4670,15 +4670,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4702,7 +4702,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4756,20 +4756,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4777,18 +4777,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4796,47 +4796,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4851,21 +4851,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4879,13 +4879,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4896,20 +4896,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4917,18 +4917,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4936,54 +4936,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4991,21 +4991,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5019,14 +5019,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5036,17 +5047,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5057,18 +5068,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5076,28 +5087,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5108,18 +5116,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5134,21 +5142,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5162,23 +5170,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5190,17 +5202,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5211,18 +5223,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5230,28 +5242,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5262,18 +5271,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5288,21 +5297,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5316,23 +5325,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5344,134 +5357,179 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2026-0992", "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019765 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.11" - } + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a42b5da91e6fcde7", - "name": "fluent-bit", - "version": "25.10.11", - "type": "binary", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:ba6526ef04b3ea648e5f9dd34e9abca7cf61645ebd40a343a6e8a477b695523e", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.11", - "upstreams": [] + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5479,61 +5537,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5548,21 +5592,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -5576,13 +5620,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5593,42 +5637,36 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5639,62 +5677,201 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5704,7 +5881,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5712,21 +5889,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -5740,14 +5917,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5779,9 +5967,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5811,7 +5999,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -5821,6 +6009,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -5844,9 +6034,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5917,39 +6107,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "No description is available for this CVE.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5957,47 +6147,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} - } + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6012,21 +6216,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6040,13 +6244,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6057,130 +6261,109 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -6197,24 +6380,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6228,13 +6408,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6245,185 +6425,134 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01072 + "risk": 0.013649999999999999 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" - ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.11" + } }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", - "type": "rpm", + "id": "a42b5da91e6fcde7", + "name": "fluent-bit", + "version": "25.10.11", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:ba6526ef04b3ea648e5f9dd34e9abca7cf61645ebd40a343a6e8a477b695523e", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.11", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6431,54 +6560,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.013064999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "disclosure@vulncheck.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6493,21 +6615,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6521,13 +6643,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6538,194 +6660,132 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0105 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.11" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "a42b5da91e6fcde7", - "name": "fluent-bit", - "version": "25.10.11", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:ba6526ef04b3ea648e5f9dd34e9abca7cf61645ebd40a343a6e8a477b695523e", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.11", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6740,21 +6800,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -6768,13 +6831,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6785,37 +6848,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6825,59 +6888,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.01072 }, "relatedVulnerabilities": [ - { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6894,21 +6943,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6922,13 +6971,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6939,20 +6988,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6960,18 +7009,24 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -6979,54 +7034,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7034,21 +7096,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -7062,19 +7124,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7084,184 +7141,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.11" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "a42b5da91e6fcde7", + "name": "fluent-bit", + "version": "25.10.11", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:ba6526ef04b3ea648e5f9dd34e9abca7cf61645ebd40a343a6e8a477b695523e", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.11", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7269,54 +7282,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7324,21 +7343,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7352,19 +7371,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7374,39 +7388,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7414,54 +7428,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7469,21 +7497,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7500,16 +7528,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7519,38 +7542,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7563,43 +7586,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7607,7 +7629,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7615,21 +7637,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7643,14 +7665,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7660,38 +7687,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7704,43 +7731,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7756,21 +7782,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7784,23 +7810,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7812,38 +7832,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7856,43 +7876,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7908,21 +7927,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7936,27 +7955,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7968,38 +7977,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8012,43 +8021,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8064,21 +8072,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8092,27 +8100,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8124,44 +8122,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8170,68 +8162,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8247,21 +8218,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8275,13 +8246,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8292,38 +8263,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8332,51 +8303,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8384,7 +8351,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8392,21 +8359,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8420,55 +8387,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8477,51 +8455,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8537,21 +8511,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8565,66 +8539,70 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8633,52 +8611,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8694,21 +8667,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8722,23 +8695,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -8750,20 +8727,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8771,17 +8748,23 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -8790,33 +8773,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8832,21 +8850,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8860,13 +8878,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8877,38 +8895,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -8917,33 +8935,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8951,7 +8987,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8959,21 +8995,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8987,66 +9023,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9055,33 +9080,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9097,21 +9140,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9125,70 +9168,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9197,33 +9236,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9239,21 +9297,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9267,27 +9325,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -9322,8 +9376,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9331,7 +9385,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -9384,8 +9438,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9393,7 +9447,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -9476,8 +9530,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9537,8 +9591,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9629,8 +9683,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9697,8 +9751,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9806,8 +9860,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9872,8 +9926,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9970,8 +10024,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10032,8 +10086,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10124,8 +10178,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10185,8 +10239,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10277,8 +10331,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10318,8 +10372,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10413,8 +10467,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10454,8 +10508,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10549,8 +10603,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10610,8 +10664,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10677,6 +10731,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -10895,7 +11077,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -11009,6 +11191,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -11058,91 +11250,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.10.11.md b/docs/security/agent/grype-25.10.11.md index 57b4a32..3c1df0b 100644 --- a/docs/security/agent/grype-25.10.11.md +++ b/docs/security/agent/grype-25.10.11.md @@ -15,8 +15,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.10.11 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| fluent-bit | 25.10.11 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.10.11 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -46,13 +46,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -67,13 +71,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.12.json b/docs/security/agent/grype-25.10.12.json index ef45949..2b9d50f 100644 --- a/docs/security/agent/grype-25.10.12.json +++ b/docs/security/agent/grype-25.10.12.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -34,7 +34,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -46,7 +46,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -113,7 +113,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -125,7 +125,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -208,8 +208,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -253,8 +253,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -348,8 +348,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -393,8 +393,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -488,8 +488,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -554,8 +554,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -657,8 +657,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -723,8 +723,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -826,8 +826,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -882,8 +882,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -974,8 +974,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -983,7 +983,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1007,7 +1007,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1022,8 +1022,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1031,7 +1031,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1114,8 +1114,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1185,8 +1185,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1288,8 +1288,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1359,8 +1359,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1462,8 +1462,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1511,8 +1511,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1603,8 +1603,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1652,8 +1652,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1755,8 +1755,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1895,8 +1895,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -1962,8 +1962,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2060,8 +2060,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2135,8 +2135,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2233,8 +2233,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2294,8 +2294,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2391,8 +2391,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2452,8 +2452,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2549,8 +2549,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2645,8 +2645,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2749,8 +2749,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2808,8 +2808,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2900,8 +2900,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2959,8 +2959,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3039,39 +3039,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3079,47 +3079,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034499999999999996 + "risk": 0.03618 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3140,7 +3141,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } @@ -3179,20 +3180,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3200,18 +3201,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3219,25 +3220,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3250,18 +3249,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -3276,21 +3275,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3304,13 +3303,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3321,39 +3320,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3361,48 +3360,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3417,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -3445,13 +3445,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3485,8 +3485,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3533,8 +3533,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3625,8 +3625,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3673,8 +3673,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3776,8 +3776,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -3818,8 +3818,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -3902,8 +3902,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -3945,8 +3945,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4040,8 +4040,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4083,8 +4083,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4155,36 +4155,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4195,25 +4195,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4224,15 +4224,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4256,7 +4256,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4295,36 +4295,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4335,25 +4335,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4364,15 +4364,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4396,7 +4396,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4446,36 +4446,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4486,25 +4486,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4515,15 +4515,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4547,7 +4547,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4601,36 +4601,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4641,25 +4641,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4670,15 +4670,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4702,7 +4702,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4756,20 +4756,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4777,18 +4777,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4796,47 +4796,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4851,21 +4851,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4879,13 +4879,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4896,20 +4896,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4917,18 +4917,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4936,54 +4936,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4991,21 +4991,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5019,14 +5019,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5036,17 +5047,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5057,18 +5068,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5076,28 +5087,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5108,18 +5116,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5134,21 +5142,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5162,23 +5170,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5190,17 +5202,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5211,18 +5223,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5230,28 +5242,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5262,18 +5271,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5288,21 +5297,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5316,23 +5325,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5344,134 +5357,179 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2026-0992", "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019765 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.12" - } + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4a6dc1b111ad93ba", - "name": "fluent-bit", - "version": "25.10.12", - "type": "binary", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:e9c39397b6d0a90106a28d38666843c1f24cae96c8ab4e5c8bc7b267edef5ca8", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.12", - "upstreams": [] + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5479,61 +5537,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5548,21 +5592,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -5576,13 +5620,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5593,42 +5637,36 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5639,62 +5677,201 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5704,7 +5881,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5712,21 +5889,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -5740,14 +5917,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5779,9 +5967,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5811,7 +5999,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -5821,6 +6009,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -5844,9 +6034,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5917,39 +6107,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "No description is available for this CVE.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5957,47 +6147,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} - } + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6012,21 +6216,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6040,13 +6244,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6057,130 +6261,109 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -6197,24 +6380,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6228,13 +6408,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6245,185 +6425,134 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01072 + "risk": 0.013649999999999999 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" - ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.12" + } }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", - "type": "rpm", + "id": "4a6dc1b111ad93ba", + "name": "fluent-bit", + "version": "25.10.12", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:e9c39397b6d0a90106a28d38666843c1f24cae96c8ab4e5c8bc7b267edef5ca8", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6431,54 +6560,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.013064999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "disclosure@vulncheck.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6493,21 +6615,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6521,13 +6643,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6538,194 +6660,132 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0105 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.12" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "4a6dc1b111ad93ba", - "name": "fluent-bit", - "version": "25.10.12", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:e9c39397b6d0a90106a28d38666843c1f24cae96c8ab4e5c8bc7b267edef5ca8", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6740,21 +6800,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -6768,13 +6831,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6785,37 +6848,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6825,59 +6888,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.01072 }, "relatedVulnerabilities": [ - { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6894,21 +6943,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6922,13 +6971,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6939,20 +6988,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6960,18 +7009,24 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -6979,54 +7034,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7034,21 +7096,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -7062,19 +7124,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7084,184 +7141,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.12" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "4a6dc1b111ad93ba", + "name": "fluent-bit", + "version": "25.10.12", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:e9c39397b6d0a90106a28d38666843c1f24cae96c8ab4e5c8bc7b267edef5ca8", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7269,54 +7282,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7324,21 +7343,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7352,19 +7371,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7374,39 +7388,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7414,54 +7428,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7469,21 +7497,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7500,16 +7528,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7519,38 +7542,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7563,43 +7586,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7607,7 +7629,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7615,21 +7637,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7643,14 +7665,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7660,38 +7687,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7704,43 +7731,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7756,21 +7782,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7784,23 +7810,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7812,38 +7832,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7856,43 +7876,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7908,21 +7927,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7936,27 +7955,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7968,38 +7977,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8012,43 +8021,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8064,21 +8072,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8092,27 +8100,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8124,44 +8122,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8170,68 +8162,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8247,21 +8218,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8275,13 +8246,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8292,38 +8263,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8332,51 +8303,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8384,7 +8351,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8392,21 +8359,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8420,55 +8387,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8477,51 +8455,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8537,21 +8511,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8565,66 +8539,70 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8633,52 +8611,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8694,21 +8667,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8722,23 +8695,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -8750,20 +8727,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8771,17 +8748,23 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -8790,33 +8773,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8832,21 +8850,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8860,13 +8878,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8877,38 +8895,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -8917,33 +8935,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8951,7 +8987,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8959,21 +8995,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8987,66 +9023,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9055,33 +9080,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9097,21 +9140,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9125,70 +9168,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9197,33 +9236,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9239,21 +9297,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9267,27 +9325,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -9322,8 +9376,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9331,7 +9385,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -9384,8 +9438,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9393,7 +9447,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -9476,8 +9530,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9537,8 +9591,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9629,8 +9683,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9697,8 +9751,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9806,8 +9860,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9872,8 +9926,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9970,8 +10024,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10032,8 +10086,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10124,8 +10178,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10185,8 +10239,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10277,8 +10331,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10318,8 +10372,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10413,8 +10467,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10454,8 +10508,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10549,8 +10603,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10610,8 +10664,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10677,6 +10731,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -10895,7 +11077,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -11009,6 +11191,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -11058,91 +11250,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.10.12.md b/docs/security/agent/grype-25.10.12.md index ab59c2f..8a9c22a 100644 --- a/docs/security/agent/grype-25.10.12.md +++ b/docs/security/agent/grype-25.10.12.md @@ -15,8 +15,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.10.12 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| fluent-bit | 25.10.12 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.10.12 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -46,13 +46,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -67,13 +71,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.2.json b/docs/security/agent/grype-25.10.2.json index 15d2677..41099a8 100644 --- a/docs/security/agent/grype-25.10.2.json +++ b/docs/security/agent/grype-25.10.2.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -198,7 +198,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -210,7 +210,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -277,7 +277,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -289,7 +289,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -372,8 +372,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -417,8 +417,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -512,8 +512,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -557,8 +557,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -652,8 +652,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -718,8 +718,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -821,8 +821,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -887,8 +887,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -990,8 +990,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1046,8 +1046,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1138,8 +1138,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1147,7 +1147,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1171,7 +1171,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1186,8 +1186,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1195,7 +1195,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1278,8 +1278,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1349,8 +1349,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1452,8 +1452,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1523,8 +1523,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1626,8 +1626,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1675,8 +1675,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1767,8 +1767,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1816,8 +1816,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1919,8 +1919,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1967,8 +1967,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -2059,8 +2059,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2126,8 +2126,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2224,8 +2224,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2299,8 +2299,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2397,8 +2397,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2458,8 +2458,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2555,8 +2555,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2616,8 +2616,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2713,8 +2713,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2809,8 +2809,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2913,8 +2913,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2972,8 +2972,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3064,8 +3064,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3123,8 +3123,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3201,6 +3201,147 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03618 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + ], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-3360", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-6965", @@ -3226,8 +3367,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3303,8 +3444,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3409,8 +3550,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3418,7 +3559,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3442,7 +3583,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3457,8 +3598,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3466,7 +3607,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3549,8 +3690,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3599,8 +3740,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3668,20 +3809,20 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3689,18 +3830,18 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3708,48 +3849,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3764,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3792,13 +3932,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3832,8 +3972,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3880,8 +4020,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3896,7 +4036,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3905,7 +4045,7 @@ }, "package": { "name": "pcre2", - "version": "0:10.40-6.el9" + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -3916,8 +4056,8 @@ } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", "version": "10.40-6.el9", "type": "rpm", "locations": [ @@ -3935,154 +4075,14 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "pcre2", - "version": "10.40-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ @@ -4123,8 +4123,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -4165,8 +4165,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -4249,8 +4249,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4292,8 +4292,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4387,8 +4387,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4430,8 +4430,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4502,36 +4502,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4542,25 +4542,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4571,15 +4571,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4603,7 +4603,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4642,36 +4642,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4682,25 +4682,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4711,15 +4711,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4743,7 +4743,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4793,36 +4793,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4833,25 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4862,15 +4862,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4894,7 +4894,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4948,36 +4948,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4988,25 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5017,15 +5017,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -5049,7 +5049,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -5103,96 +5103,68 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5200,17 +5172,17 @@ ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -5218,7 +5190,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5226,24 +5198,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5257,25 +5226,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5285,20 +5243,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5306,18 +5264,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5325,54 +5283,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5380,21 +5338,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5408,37 +5366,48 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5446,18 +5415,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5465,54 +5434,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5520,21 +5489,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5548,14 +5517,29 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5565,17 +5549,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5586,18 +5570,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5605,28 +5589,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5637,18 +5618,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5663,21 +5644,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5691,23 +5672,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5719,71 +5704,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5791,18 +5801,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5817,21 +5827,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -5845,23 +5858,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -5873,113 +5886,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01736 + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6000,11 +5987,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], @@ -6042,121 +6026,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6171,24 +6121,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6202,104 +6149,79 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6316,24 +6238,18 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6348,24 +6264,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6379,231 +6292,125 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "04d33236b6f59eb8", - "name": "fluent-bit", - "version": "25.10.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014399999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6611,21 +6418,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6639,14 +6446,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6656,111 +6474,113 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014105 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -6775,21 +6595,24 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6803,13 +6626,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6842,9 +6665,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6874,7 +6697,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -6884,6 +6707,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -6907,9 +6732,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6980,87 +6805,121 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013064999999999998 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7075,21 +6934,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7103,156 +6965,145 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { "versions": [ - "0:2.3.3-5.el9_7" + "1:3.5.1-4.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "risk": 0.012240000000000003 + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7260,24 +7111,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7291,56 +7142,67 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7348,47 +7210,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7403,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7431,13 +7307,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7448,20 +7324,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7469,24 +7345,24 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7494,54 +7370,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7556,21 +7443,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -7584,13 +7471,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7601,39 +7488,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29477", + "cve": "CVE-2025-29478", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -7644,151 +7531,324 @@ "state": "" }, "advisories": [], - "risk": 0.0105 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "04d33236b6f59eb8", + "name": "fluent-bit", + "version": "25.10.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.2" - } + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04d33236b6f59eb8", - "name": "fluent-bit", - "version": "25.10.2", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7803,21 +7863,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7831,13 +7894,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7848,37 +7911,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7888,59 +7951,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.01072 }, "relatedVulnerabilities": [ - { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7957,21 +8006,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -7985,13 +8034,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8002,20 +8051,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -8023,18 +8072,24 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -8042,54 +8097,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8097,21 +8159,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -8125,19 +8187,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8147,184 +8204,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.2" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "04d33236b6f59eb8", + "name": "fluent-bit", + "version": "25.10.2", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.2", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -8332,54 +8345,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8387,21 +8406,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8415,19 +8434,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8437,39 +8451,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8477,54 +8491,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8532,21 +8560,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8563,16 +8591,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8582,38 +8605,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8626,43 +8649,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8670,7 +8692,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8678,21 +8700,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8706,14 +8728,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8723,38 +8750,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8767,43 +8794,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8819,21 +8845,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8847,23 +8873,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8875,38 +8895,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8919,43 +8939,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8971,21 +8990,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8999,27 +9018,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9031,38 +9040,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9075,43 +9084,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9127,21 +9135,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -9155,27 +9163,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9187,44 +9185,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9233,68 +9225,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9310,21 +9281,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9338,13 +9309,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9355,38 +9326,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9395,51 +9366,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9447,7 +9414,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9455,21 +9422,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9483,55 +9450,66 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9540,51 +9518,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9600,21 +9574,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9628,66 +9602,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9696,52 +9674,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9757,21 +9730,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9785,23 +9758,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -9813,20 +9790,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9834,17 +9811,23 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9853,33 +9836,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9895,21 +9913,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9923,13 +9941,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9940,38 +9958,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9980,33 +9998,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10014,7 +10050,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10022,21 +10058,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10050,66 +10086,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -10118,33 +10143,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10160,21 +10203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10188,70 +10231,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10260,33 +10299,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10302,21 +10360,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -10330,27 +10388,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -10385,8 +10439,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10394,7 +10448,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -10447,8 +10501,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10456,7 +10510,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -10539,8 +10593,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10600,8 +10654,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10692,8 +10746,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10760,8 +10814,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10869,8 +10923,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -10935,8 +10989,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -11033,8 +11087,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11095,8 +11149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11187,8 +11241,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11248,8 +11302,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11340,8 +11394,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11381,8 +11435,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11476,8 +11530,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11517,8 +11571,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11612,8 +11666,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11673,8 +11727,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11740,6 +11794,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11958,7 +12140,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -12072,6 +12254,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -12121,91 +12313,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.10.2.md b/docs/security/agent/grype-25.10.2.md index c7342df..6e2d5b5 100644 --- a/docs/security/agent/grype-25.10.2.md +++ b/docs/security/agent/grype-25.10.2.md @@ -18,10 +18,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | fluent-bit | 25.10.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.10.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -52,13 +52,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -73,13 +77,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.3.json b/docs/security/agent/grype-25.10.3.json index 5945c2c..0c1c039 100644 --- a/docs/security/agent/grype-25.10.3.json +++ b/docs/security/agent/grype-25.10.3.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -198,7 +198,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -210,7 +210,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -277,7 +277,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -289,7 +289,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -372,8 +372,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -417,8 +417,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -512,8 +512,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -557,8 +557,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -652,8 +652,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -718,8 +718,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -821,8 +821,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -887,8 +887,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -990,8 +990,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1046,8 +1046,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1138,8 +1138,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1147,7 +1147,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1171,7 +1171,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1186,8 +1186,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1195,7 +1195,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1278,8 +1278,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1349,8 +1349,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1452,8 +1452,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1523,8 +1523,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1626,8 +1626,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1675,8 +1675,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1767,8 +1767,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1816,8 +1816,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1919,8 +1919,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1967,8 +1967,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -2059,8 +2059,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2126,8 +2126,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2224,8 +2224,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2299,8 +2299,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2397,8 +2397,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2458,8 +2458,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2555,8 +2555,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2616,8 +2616,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2713,8 +2713,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2809,8 +2809,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2913,8 +2913,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2972,8 +2972,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3064,8 +3064,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3123,8 +3123,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3201,6 +3201,147 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03618 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + ], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-3360", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-6965", @@ -3226,8 +3367,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3303,8 +3444,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3409,8 +3550,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3418,7 +3559,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3442,7 +3583,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3457,8 +3598,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3466,7 +3607,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3549,8 +3690,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3599,8 +3740,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3668,20 +3809,20 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3689,18 +3830,18 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3708,48 +3849,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3764,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3792,13 +3932,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3832,8 +3972,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3880,8 +4020,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3896,7 +4036,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3905,7 +4045,7 @@ }, "package": { "name": "pcre2", - "version": "0:10.40-6.el9" + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -3916,8 +4056,8 @@ } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", "version": "10.40-6.el9", "type": "rpm", "locations": [ @@ -3935,154 +4075,14 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "pcre2", - "version": "10.40-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ @@ -4123,8 +4123,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -4165,8 +4165,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -4249,8 +4249,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4292,8 +4292,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4387,8 +4387,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4430,8 +4430,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4502,36 +4502,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4542,25 +4542,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4571,15 +4571,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4603,7 +4603,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4642,36 +4642,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4682,25 +4682,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4711,15 +4711,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4743,7 +4743,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4793,36 +4793,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4833,25 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4862,15 +4862,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4894,7 +4894,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4948,36 +4948,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4988,25 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5017,15 +5017,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -5049,7 +5049,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -5103,96 +5103,68 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5200,17 +5172,17 @@ ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -5218,7 +5190,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5226,24 +5198,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5257,25 +5226,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5285,20 +5243,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5306,18 +5264,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5325,54 +5283,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5380,21 +5338,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5408,37 +5366,48 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5446,18 +5415,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5465,54 +5434,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5520,21 +5489,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5548,14 +5517,29 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5565,17 +5549,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5586,18 +5570,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5605,28 +5589,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5637,18 +5618,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5663,21 +5644,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5691,23 +5672,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5719,71 +5704,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5791,18 +5801,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5817,21 +5827,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -5845,23 +5858,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -5873,113 +5886,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01736 + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6000,11 +5987,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], @@ -6042,121 +6026,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6171,24 +6121,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6202,104 +6149,79 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6316,24 +6238,18 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6348,24 +6264,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6379,231 +6292,125 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.3" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "58605501f0a6c108", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014399999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6611,21 +6418,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6639,14 +6446,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6656,111 +6474,113 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014105 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -6775,21 +6595,24 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6803,13 +6626,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6842,9 +6665,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6874,7 +6697,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -6884,6 +6707,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -6907,9 +6732,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6980,87 +6805,121 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013064999999999998 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7075,21 +6934,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7103,156 +6965,145 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { "versions": [ - "0:2.3.3-5.el9_7" + "1:3.5.1-4.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "risk": 0.012240000000000003 + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7260,24 +7111,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7291,56 +7142,67 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7348,47 +7210,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7403,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7431,13 +7307,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7448,20 +7324,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7469,24 +7345,24 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7494,54 +7370,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7556,21 +7443,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -7584,13 +7471,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7601,39 +7488,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29477", + "cve": "CVE-2025-29478", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -7644,151 +7531,324 @@ "state": "" }, "advisories": [], - "risk": 0.0105 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "58605501f0a6c108", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.3" - } + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58605501f0a6c108", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7803,21 +7863,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7831,13 +7894,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7848,37 +7911,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7888,59 +7951,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.01072 }, "relatedVulnerabilities": [ - { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7957,21 +8006,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -7985,13 +8034,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8002,20 +8051,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -8023,18 +8072,24 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -8042,54 +8097,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8097,21 +8159,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -8125,19 +8187,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8147,184 +8204,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.3" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "58605501f0a6c108", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -8332,54 +8345,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8387,21 +8406,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8415,19 +8434,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8437,39 +8451,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8477,54 +8491,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8532,21 +8560,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8563,16 +8591,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8582,38 +8605,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8626,43 +8649,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8670,7 +8692,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8678,21 +8700,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8706,14 +8728,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8723,38 +8750,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8767,43 +8794,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8819,21 +8845,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8847,23 +8873,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8875,38 +8895,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8919,43 +8939,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8971,21 +8990,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8999,27 +9018,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9031,38 +9040,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9075,43 +9084,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9127,21 +9135,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -9155,27 +9163,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9187,44 +9185,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9233,68 +9225,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9310,21 +9281,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9338,13 +9309,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9355,38 +9326,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9395,51 +9366,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9447,7 +9414,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9455,21 +9422,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9483,55 +9450,66 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9540,51 +9518,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9600,21 +9574,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9628,66 +9602,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9696,52 +9674,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9757,21 +9730,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9785,23 +9758,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -9813,20 +9790,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9834,17 +9811,23 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9853,33 +9836,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9895,21 +9913,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9923,13 +9941,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9940,38 +9958,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9980,33 +9998,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10014,7 +10050,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10022,21 +10058,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10050,66 +10086,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -10118,33 +10143,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10160,21 +10203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10188,70 +10231,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10260,33 +10299,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10302,21 +10360,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -10330,27 +10388,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -10385,8 +10439,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10394,7 +10448,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -10447,8 +10501,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10456,7 +10510,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -10539,8 +10593,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10600,8 +10654,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10692,8 +10746,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10760,8 +10814,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10869,8 +10923,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -10935,8 +10989,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -11033,8 +11087,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11095,8 +11149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11187,8 +11241,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11248,8 +11302,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11340,8 +11394,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11381,8 +11435,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11476,8 +11530,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11517,8 +11571,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11612,8 +11666,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11673,8 +11727,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11740,6 +11794,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11958,7 +12140,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -12072,6 +12254,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -12121,91 +12313,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.10.3.md b/docs/security/agent/grype-25.10.3.md index f7c91e4..d93c590 100644 --- a/docs/security/agent/grype-25.10.3.md +++ b/docs/security/agent/grype-25.10.3.md @@ -18,10 +18,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -52,13 +52,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -73,13 +77,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.4.json b/docs/security/agent/grype-25.10.4.json index cfebb46..a8ea87b 100644 --- a/docs/security/agent/grype-25.10.4.json +++ b/docs/security/agent/grype-25.10.4.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -198,7 +198,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -210,7 +210,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -277,7 +277,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -289,7 +289,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -372,8 +372,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -417,8 +417,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -512,8 +512,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -557,8 +557,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -652,8 +652,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -718,8 +718,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -821,8 +821,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -887,8 +887,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -990,8 +990,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1046,8 +1046,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1138,8 +1138,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1147,7 +1147,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1171,7 +1171,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1186,8 +1186,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1195,7 +1195,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1278,8 +1278,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1349,8 +1349,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1452,8 +1452,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1523,8 +1523,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1626,8 +1626,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1675,8 +1675,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1767,8 +1767,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1816,8 +1816,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1919,8 +1919,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1967,8 +1967,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -2059,8 +2059,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2126,8 +2126,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2224,8 +2224,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2299,8 +2299,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2397,8 +2397,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2458,8 +2458,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2555,8 +2555,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2616,8 +2616,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2713,8 +2713,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2809,8 +2809,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2913,8 +2913,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2972,8 +2972,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3064,8 +3064,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3123,8 +3123,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3201,6 +3201,147 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03618 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + ], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-3360", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-6965", @@ -3226,8 +3367,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3303,8 +3444,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3409,8 +3550,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3418,7 +3559,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3442,7 +3583,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3457,8 +3598,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3466,7 +3607,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3549,8 +3690,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3599,8 +3740,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3668,20 +3809,20 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3689,18 +3830,18 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3708,48 +3849,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3764,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3792,13 +3932,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3832,8 +3972,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3880,8 +4020,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3896,7 +4036,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3905,7 +4045,7 @@ }, "package": { "name": "pcre2", - "version": "0:10.40-6.el9" + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -3916,8 +4056,8 @@ } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", "version": "10.40-6.el9", "type": "rpm", "locations": [ @@ -3935,154 +4075,14 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "pcre2", - "version": "10.40-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ @@ -4123,8 +4123,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -4165,8 +4165,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -4249,8 +4249,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4292,8 +4292,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4387,8 +4387,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4430,8 +4430,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4502,36 +4502,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4542,25 +4542,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4571,15 +4571,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4603,7 +4603,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4642,36 +4642,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4682,25 +4682,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4711,15 +4711,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4743,7 +4743,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4793,36 +4793,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4833,25 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4862,15 +4862,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4894,7 +4894,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4948,36 +4948,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4988,25 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5017,15 +5017,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -5049,7 +5049,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -5103,96 +5103,68 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5200,17 +5172,17 @@ ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -5218,7 +5190,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5226,24 +5198,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5257,25 +5226,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5285,20 +5243,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5306,18 +5264,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5325,54 +5283,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5380,21 +5338,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5408,37 +5366,48 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5446,18 +5415,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5465,54 +5434,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5520,21 +5489,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5548,14 +5517,29 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5565,17 +5549,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5586,18 +5570,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5605,28 +5589,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5637,18 +5618,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5663,21 +5644,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5691,23 +5672,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5719,71 +5704,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5791,18 +5801,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5817,21 +5827,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -5845,23 +5858,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -5873,113 +5886,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01736 + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6000,11 +5987,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], @@ -6042,121 +6026,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6171,24 +6121,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6202,104 +6149,79 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6316,24 +6238,18 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6348,24 +6264,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6379,231 +6292,125 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.3" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "f3db967c04cd48f5", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014399999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6611,21 +6418,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6639,14 +6446,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6656,111 +6474,113 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014105 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -6775,21 +6595,24 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6803,13 +6626,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6842,9 +6665,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6874,7 +6697,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -6884,6 +6707,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -6907,9 +6732,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6980,87 +6805,121 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013064999999999998 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7075,21 +6934,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7103,156 +6965,145 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { "versions": [ - "0:2.3.3-5.el9_7" + "1:3.5.1-4.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "risk": 0.012240000000000003 + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7260,24 +7111,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7291,56 +7142,67 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7348,47 +7210,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7403,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7431,13 +7307,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7448,20 +7324,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7469,24 +7345,24 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7494,54 +7370,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7556,21 +7443,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -7584,13 +7471,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7601,39 +7488,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29477", + "cve": "CVE-2025-29478", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -7644,151 +7531,324 @@ "state": "" }, "advisories": [], - "risk": 0.0105 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "f3db967c04cd48f5", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.3" - } + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f3db967c04cd48f5", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7803,21 +7863,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7831,13 +7894,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7848,37 +7911,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7888,59 +7951,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.01072 }, "relatedVulnerabilities": [ - { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7957,21 +8006,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -7985,13 +8034,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8002,20 +8051,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -8023,18 +8072,24 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -8042,54 +8097,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8097,21 +8159,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -8125,19 +8187,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8147,184 +8204,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.3" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "f3db967c04cd48f5", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -8332,54 +8345,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8387,21 +8406,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8415,19 +8434,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8437,39 +8451,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8477,54 +8491,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8532,21 +8560,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8563,16 +8591,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8582,38 +8605,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8626,43 +8649,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8670,7 +8692,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8678,21 +8700,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8706,14 +8728,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8723,38 +8750,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8767,43 +8794,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8819,21 +8845,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8847,23 +8873,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8875,38 +8895,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8919,43 +8939,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8971,21 +8990,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8999,27 +9018,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9031,38 +9040,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9075,43 +9084,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9127,21 +9135,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -9155,27 +9163,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9187,44 +9185,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9233,68 +9225,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9310,21 +9281,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9338,13 +9309,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9355,38 +9326,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9395,51 +9366,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9447,7 +9414,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9455,21 +9422,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9483,55 +9450,66 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9540,51 +9518,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9600,21 +9574,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9628,66 +9602,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9696,52 +9674,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9757,21 +9730,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9785,23 +9758,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -9813,20 +9790,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9834,17 +9811,23 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9853,33 +9836,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9895,21 +9913,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9923,13 +9941,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9940,38 +9958,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9980,33 +9998,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10014,7 +10050,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10022,21 +10058,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10050,66 +10086,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -10118,33 +10143,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10160,21 +10203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10188,70 +10231,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10260,33 +10299,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10302,21 +10360,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -10330,27 +10388,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -10385,8 +10439,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10394,7 +10448,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -10447,8 +10501,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10456,7 +10510,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -10539,8 +10593,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10600,8 +10654,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10692,8 +10746,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10760,8 +10814,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10869,8 +10923,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -10935,8 +10989,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -11033,8 +11087,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11095,8 +11149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11187,8 +11241,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11248,8 +11302,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11340,8 +11394,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11381,8 +11435,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11476,8 +11530,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11517,8 +11571,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11612,8 +11666,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11673,8 +11727,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11740,6 +11794,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11958,7 +12140,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -12072,6 +12254,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -12121,91 +12313,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.10.4.md b/docs/security/agent/grype-25.10.4.md index b26f4a5..1dc9eb2 100644 --- a/docs/security/agent/grype-25.10.4.md +++ b/docs/security/agent/grype-25.10.4.md @@ -18,10 +18,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -52,13 +52,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -73,13 +77,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.5.json b/docs/security/agent/grype-25.10.5.json index c1834f6..04f544d 100644 --- a/docs/security/agent/grype-25.10.5.json +++ b/docs/security/agent/grype-25.10.5.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -198,7 +198,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -210,7 +210,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -277,7 +277,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -289,7 +289,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -372,8 +372,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -417,8 +417,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -512,8 +512,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -557,8 +557,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -652,8 +652,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -718,8 +718,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -821,8 +821,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -887,8 +887,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -990,8 +990,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1046,8 +1046,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1138,8 +1138,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1147,7 +1147,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1171,7 +1171,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1186,8 +1186,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1195,7 +1195,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1278,8 +1278,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1349,8 +1349,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1452,8 +1452,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1523,8 +1523,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1626,8 +1626,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1675,8 +1675,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1767,8 +1767,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1816,8 +1816,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1919,8 +1919,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1967,8 +1967,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -2059,8 +2059,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2126,8 +2126,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2224,8 +2224,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2299,8 +2299,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2397,8 +2397,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2458,8 +2458,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2555,8 +2555,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2616,8 +2616,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2713,8 +2713,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2809,8 +2809,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2913,8 +2913,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2972,8 +2972,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3064,8 +3064,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3123,8 +3123,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3201,6 +3201,147 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03618 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + ], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-3360", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-6965", @@ -3226,8 +3367,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3303,8 +3444,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3409,8 +3550,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3418,7 +3559,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3442,7 +3583,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3457,8 +3598,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3466,7 +3607,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3549,8 +3690,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3599,8 +3740,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3668,20 +3809,20 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3689,18 +3830,18 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3708,48 +3849,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3764,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3792,13 +3932,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3832,8 +3972,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3880,8 +4020,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3896,7 +4036,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3905,7 +4045,7 @@ }, "package": { "name": "pcre2", - "version": "0:10.40-6.el9" + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -3916,8 +4056,8 @@ } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", "version": "10.40-6.el9", "type": "rpm", "locations": [ @@ -3935,154 +4075,14 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "pcre2", - "version": "10.40-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ @@ -4123,8 +4123,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -4165,8 +4165,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -4249,8 +4249,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4292,8 +4292,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4387,8 +4387,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4430,8 +4430,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4502,36 +4502,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4542,25 +4542,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4571,15 +4571,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4603,7 +4603,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4642,36 +4642,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4682,25 +4682,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4711,15 +4711,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4743,7 +4743,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4793,36 +4793,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4833,25 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4862,15 +4862,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4894,7 +4894,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4948,36 +4948,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4988,25 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5017,15 +5017,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -5049,7 +5049,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -5103,96 +5103,68 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5200,17 +5172,17 @@ ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -5218,7 +5190,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5226,24 +5198,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5257,25 +5226,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5285,20 +5243,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5306,18 +5264,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5325,54 +5283,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5380,21 +5338,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5408,37 +5366,48 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5446,18 +5415,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5465,54 +5434,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5520,21 +5489,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5548,14 +5517,29 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5565,17 +5549,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5586,18 +5570,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5605,28 +5589,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5637,18 +5618,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5663,21 +5644,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5691,23 +5672,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5719,71 +5704,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5791,18 +5801,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5817,21 +5827,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -5845,23 +5858,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -5873,113 +5886,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01736 + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6000,11 +5987,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], @@ -6042,121 +6026,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6171,24 +6121,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6202,104 +6149,79 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6316,24 +6238,18 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6348,24 +6264,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6379,231 +6292,125 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.4" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "41ad758bbe058560", - "name": "fluent-bit", - "version": "25.10.4", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.4", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014399999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6611,21 +6418,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6639,14 +6446,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6656,111 +6474,113 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014105 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -6775,21 +6595,24 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6803,13 +6626,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6842,9 +6665,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6874,7 +6697,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -6884,6 +6707,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -6907,9 +6732,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6980,87 +6805,121 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013064999999999998 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7075,21 +6934,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7103,156 +6965,145 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { "versions": [ - "0:2.3.3-5.el9_7" + "1:3.5.1-4.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "risk": 0.012240000000000003 + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7260,24 +7111,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7291,56 +7142,67 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7348,47 +7210,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7403,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7431,13 +7307,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7448,20 +7324,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7469,24 +7345,24 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7494,54 +7370,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7556,21 +7443,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -7584,13 +7471,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7601,39 +7488,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29477", + "cve": "CVE-2025-29478", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -7644,151 +7531,324 @@ "state": "" }, "advisories": [], - "risk": 0.0105 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "41ad758bbe058560", + "name": "fluent-bit", + "version": "25.10.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.4" - } + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "41ad758bbe058560", - "name": "fluent-bit", - "version": "25.10.4", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.4", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7803,21 +7863,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7831,13 +7894,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7848,37 +7911,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7888,59 +7951,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.01072 }, "relatedVulnerabilities": [ - { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7957,21 +8006,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -7985,13 +8034,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8002,20 +8051,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -8023,18 +8072,24 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -8042,54 +8097,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8097,21 +8159,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -8125,19 +8187,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8147,184 +8204,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.4" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "41ad758bbe058560", + "name": "fluent-bit", + "version": "25.10.4", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.4", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -8332,54 +8345,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8387,21 +8406,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8415,19 +8434,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8437,39 +8451,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8477,54 +8491,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8532,21 +8560,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8563,16 +8591,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8582,38 +8605,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8626,43 +8649,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8670,7 +8692,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8678,21 +8700,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8706,14 +8728,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8723,38 +8750,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8767,43 +8794,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8819,21 +8845,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8847,23 +8873,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8875,38 +8895,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8919,43 +8939,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8971,21 +8990,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8999,27 +9018,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9031,38 +9040,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9075,43 +9084,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9127,21 +9135,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -9155,27 +9163,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9187,44 +9185,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9233,68 +9225,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9310,21 +9281,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9338,13 +9309,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9355,38 +9326,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9395,51 +9366,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9447,7 +9414,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9455,21 +9422,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9483,55 +9450,66 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9540,51 +9518,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9600,21 +9574,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9628,66 +9602,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9696,52 +9674,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9757,21 +9730,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9785,23 +9758,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -9813,20 +9790,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9834,17 +9811,23 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9853,33 +9836,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9895,21 +9913,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9923,13 +9941,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9940,38 +9958,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9980,33 +9998,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10014,7 +10050,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10022,21 +10058,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10050,66 +10086,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -10118,33 +10143,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10160,21 +10203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10188,70 +10231,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10260,33 +10299,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10302,21 +10360,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -10330,27 +10388,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -10385,8 +10439,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10394,7 +10448,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -10447,8 +10501,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10456,7 +10510,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -10539,8 +10593,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10600,8 +10654,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10692,8 +10746,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10760,8 +10814,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10869,8 +10923,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -10935,8 +10989,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -11033,8 +11087,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11095,8 +11149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11187,8 +11241,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11248,8 +11302,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11340,8 +11394,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11381,8 +11435,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11476,8 +11530,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11517,8 +11571,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11612,8 +11666,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11673,8 +11727,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11740,6 +11794,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11958,7 +12140,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -12072,6 +12254,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -12121,91 +12313,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.10.5.md b/docs/security/agent/grype-25.10.5.md index e23be89..81b3e1e 100644 --- a/docs/security/agent/grype-25.10.5.md +++ b/docs/security/agent/grype-25.10.5.md @@ -18,10 +18,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | fluent-bit | 25.10.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.10.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -52,13 +52,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -73,13 +77,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.6.json b/docs/security/agent/grype-25.10.6.json index 3bb1410..fece2fc 100644 --- a/docs/security/agent/grype-25.10.6.json +++ b/docs/security/agent/grype-25.10.6.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -198,7 +198,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -210,7 +210,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -277,7 +277,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -289,7 +289,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -372,8 +372,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -417,8 +417,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -512,8 +512,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -557,8 +557,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -652,8 +652,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -718,8 +718,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -821,8 +821,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -887,8 +887,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -990,8 +990,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1046,8 +1046,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1138,8 +1138,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1147,7 +1147,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1171,7 +1171,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1186,8 +1186,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1195,7 +1195,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1278,8 +1278,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1349,8 +1349,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1452,8 +1452,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1523,8 +1523,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1626,8 +1626,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1675,8 +1675,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1767,8 +1767,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1816,8 +1816,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1919,8 +1919,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1967,8 +1967,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -2059,8 +2059,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2126,8 +2126,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2224,8 +2224,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2299,8 +2299,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2397,8 +2397,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2458,8 +2458,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2555,8 +2555,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2616,8 +2616,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2713,8 +2713,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2809,8 +2809,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2913,8 +2913,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2972,8 +2972,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3064,8 +3064,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3123,8 +3123,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3201,6 +3201,147 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03618 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + ], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-3360", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-6965", @@ -3226,8 +3367,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3303,8 +3444,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3409,8 +3550,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3418,7 +3559,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3442,7 +3583,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3457,8 +3598,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3466,7 +3607,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3549,8 +3690,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3599,8 +3740,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3668,20 +3809,20 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3689,18 +3830,18 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3708,48 +3849,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3764,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3792,13 +3932,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3832,8 +3972,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3880,8 +4020,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3896,7 +4036,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3905,7 +4045,7 @@ }, "package": { "name": "pcre2", - "version": "0:10.40-6.el9" + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -3916,8 +4056,8 @@ } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", "version": "10.40-6.el9", "type": "rpm", "locations": [ @@ -3935,154 +4075,14 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "pcre2", - "version": "10.40-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ @@ -4123,8 +4123,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -4165,8 +4165,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -4249,8 +4249,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4292,8 +4292,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4387,8 +4387,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4430,8 +4430,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4502,36 +4502,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4542,25 +4542,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4571,15 +4571,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4603,7 +4603,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4642,36 +4642,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4682,25 +4682,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4711,15 +4711,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4743,7 +4743,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4793,36 +4793,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4833,25 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4862,15 +4862,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4894,7 +4894,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4948,36 +4948,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4988,25 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5017,15 +5017,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -5049,7 +5049,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -5103,96 +5103,68 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5200,17 +5172,17 @@ ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -5218,7 +5190,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5226,24 +5198,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5257,25 +5226,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5285,20 +5243,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5306,18 +5264,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5325,54 +5283,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5380,21 +5338,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5408,37 +5366,48 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5446,18 +5415,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5465,54 +5434,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5520,21 +5489,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5548,14 +5517,29 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5565,17 +5549,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5586,18 +5570,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5605,28 +5589,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5637,18 +5618,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5663,21 +5644,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5691,23 +5672,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5719,71 +5704,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5791,18 +5801,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5817,21 +5827,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -5845,23 +5858,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -5873,113 +5886,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01736 + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6000,11 +5987,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], @@ -6042,121 +6026,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6171,24 +6121,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6202,104 +6149,79 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6316,24 +6238,18 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6348,24 +6264,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6379,231 +6292,125 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.6" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "7c565ae309ebd658", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014399999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6611,21 +6418,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6639,14 +6446,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6656,111 +6474,113 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014105 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -6775,21 +6595,24 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6803,13 +6626,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6842,9 +6665,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6874,7 +6697,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -6884,6 +6707,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -6907,9 +6732,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6980,87 +6805,121 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013064999999999998 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7075,21 +6934,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7103,156 +6965,145 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { "versions": [ - "0:2.3.3-5.el9_7" + "1:3.5.1-4.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "risk": 0.012240000000000003 + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7260,24 +7111,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7291,56 +7142,67 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7348,47 +7210,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7403,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7431,13 +7307,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7448,20 +7324,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7469,24 +7345,24 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7494,54 +7370,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7556,21 +7443,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -7584,13 +7471,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7601,39 +7488,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29477", + "cve": "CVE-2025-29478", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -7644,151 +7531,324 @@ "state": "" }, "advisories": [], - "risk": 0.0105 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "7c565ae309ebd658", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.6" - } + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7c565ae309ebd658", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7803,21 +7863,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7831,13 +7894,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7848,37 +7911,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7888,59 +7951,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.01072 }, "relatedVulnerabilities": [ - { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7957,21 +8006,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -7985,13 +8034,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8002,20 +8051,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -8023,18 +8072,24 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -8042,54 +8097,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8097,21 +8159,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -8125,19 +8187,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8147,184 +8204,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.6" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "7c565ae309ebd658", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -8332,54 +8345,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8387,21 +8406,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8415,19 +8434,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8437,39 +8451,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8477,54 +8491,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8532,21 +8560,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8563,16 +8591,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8582,38 +8605,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8626,43 +8649,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8670,7 +8692,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8678,21 +8700,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8706,14 +8728,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8723,38 +8750,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8767,43 +8794,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8819,21 +8845,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8847,23 +8873,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8875,38 +8895,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8919,43 +8939,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8971,21 +8990,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8999,27 +9018,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9031,38 +9040,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9075,43 +9084,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9127,21 +9135,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -9155,27 +9163,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9187,44 +9185,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9233,68 +9225,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9310,21 +9281,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9338,13 +9309,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9355,38 +9326,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9395,51 +9366,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9447,7 +9414,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9455,21 +9422,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9483,55 +9450,66 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9540,51 +9518,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9600,21 +9574,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9628,66 +9602,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9696,52 +9674,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9757,21 +9730,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9785,23 +9758,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -9813,20 +9790,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9834,17 +9811,23 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9853,33 +9836,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9895,21 +9913,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9923,13 +9941,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9940,38 +9958,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9980,33 +9998,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10014,7 +10050,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10022,21 +10058,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10050,66 +10086,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -10118,33 +10143,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10160,21 +10203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10188,70 +10231,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10260,33 +10299,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10302,21 +10360,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -10330,27 +10388,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -10385,8 +10439,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10394,7 +10448,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -10447,8 +10501,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10456,7 +10510,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -10539,8 +10593,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10600,8 +10654,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10692,8 +10746,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10760,8 +10814,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10869,8 +10923,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -10935,8 +10989,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -11033,8 +11087,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11095,8 +11149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11187,8 +11241,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11248,8 +11302,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11340,8 +11394,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11381,8 +11435,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11476,8 +11530,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11517,8 +11571,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11612,8 +11666,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11673,8 +11727,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11740,6 +11794,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11958,7 +12140,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -12072,6 +12254,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -12121,91 +12313,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.10.6.md b/docs/security/agent/grype-25.10.6.md index 285e53d..591ef0c 100644 --- a/docs/security/agent/grype-25.10.6.md +++ b/docs/security/agent/grype-25.10.6.md @@ -18,10 +18,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -52,13 +52,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -73,13 +77,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.7.json b/docs/security/agent/grype-25.10.7.json index 33ea4f8..7a499d0 100644 --- a/docs/security/agent/grype-25.10.7.json +++ b/docs/security/agent/grype-25.10.7.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -198,7 +198,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -210,7 +210,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -277,7 +277,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -289,7 +289,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -372,8 +372,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -417,8 +417,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -512,8 +512,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -557,8 +557,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -652,8 +652,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -718,8 +718,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -821,8 +821,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -887,8 +887,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -990,8 +990,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1046,8 +1046,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1138,8 +1138,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1147,7 +1147,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1171,7 +1171,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1186,8 +1186,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1195,7 +1195,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1278,8 +1278,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1349,8 +1349,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1452,8 +1452,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1523,8 +1523,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1626,8 +1626,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1675,8 +1675,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1767,8 +1767,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1816,8 +1816,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1919,8 +1919,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1967,8 +1967,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -2059,8 +2059,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2126,8 +2126,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2224,8 +2224,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2299,8 +2299,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2397,8 +2397,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2458,8 +2458,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2555,8 +2555,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2616,8 +2616,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2713,8 +2713,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2809,8 +2809,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2913,8 +2913,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2972,8 +2972,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3064,8 +3064,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3123,8 +3123,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3201,6 +3201,147 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03618 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + ], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-3360", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-6965", @@ -3226,8 +3367,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3303,8 +3444,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3409,8 +3550,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3418,7 +3559,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3442,7 +3583,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3457,8 +3598,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3466,7 +3607,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3549,8 +3690,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3599,8 +3740,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3668,20 +3809,20 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3689,18 +3830,18 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3708,48 +3849,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3764,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3792,13 +3932,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3832,8 +3972,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3880,8 +4020,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3896,7 +4036,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3905,7 +4045,7 @@ }, "package": { "name": "pcre2", - "version": "0:10.40-6.el9" + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -3916,8 +4056,8 @@ } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", "version": "10.40-6.el9", "type": "rpm", "locations": [ @@ -3935,154 +4075,14 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "pcre2", - "version": "10.40-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ @@ -4123,8 +4123,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -4165,8 +4165,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -4249,8 +4249,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4292,8 +4292,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4387,8 +4387,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4430,8 +4430,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4502,36 +4502,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4542,25 +4542,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4571,15 +4571,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4603,7 +4603,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4642,36 +4642,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4682,25 +4682,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4711,15 +4711,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4743,7 +4743,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4793,36 +4793,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4833,25 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4862,15 +4862,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4894,7 +4894,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4948,36 +4948,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4988,25 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5017,15 +5017,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -5049,7 +5049,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -5103,96 +5103,68 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5200,17 +5172,17 @@ ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -5218,7 +5190,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5226,24 +5198,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5257,25 +5226,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5285,20 +5243,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5306,18 +5264,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5325,54 +5283,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5380,21 +5338,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5408,37 +5366,48 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5446,18 +5415,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5465,54 +5434,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5520,21 +5489,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5548,14 +5517,29 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5565,17 +5549,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5586,18 +5570,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5605,28 +5589,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5637,18 +5618,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5663,21 +5644,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5691,23 +5672,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5719,71 +5704,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5791,18 +5801,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5817,21 +5827,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -5845,23 +5858,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -5873,113 +5886,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01736 + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6000,11 +5987,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], @@ -6042,121 +6026,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6171,24 +6121,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6202,104 +6149,79 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6316,24 +6238,18 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6348,24 +6264,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6379,231 +6292,125 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.6" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "3b096a4569cbd31e", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014399999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6611,21 +6418,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6639,14 +6446,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6656,111 +6474,113 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014105 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -6775,21 +6595,24 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6803,13 +6626,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6842,9 +6665,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6874,7 +6697,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -6884,6 +6707,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -6907,9 +6732,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6980,87 +6805,121 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013064999999999998 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7075,21 +6934,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7103,156 +6965,145 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { "versions": [ - "0:2.3.3-5.el9_7" + "1:3.5.1-4.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "risk": 0.012240000000000003 + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7260,24 +7111,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7291,56 +7142,67 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7348,47 +7210,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7403,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7431,13 +7307,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7448,20 +7324,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7469,24 +7345,24 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7494,54 +7370,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7556,21 +7443,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -7584,13 +7471,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7601,39 +7488,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29477", + "cve": "CVE-2025-29478", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -7644,151 +7531,324 @@ "state": "" }, "advisories": [], - "risk": 0.0105 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "3b096a4569cbd31e", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.6" - } + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b096a4569cbd31e", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7803,21 +7863,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7831,13 +7894,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7848,37 +7911,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7888,59 +7951,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.01072 }, "relatedVulnerabilities": [ - { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7957,21 +8006,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -7985,13 +8034,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8002,20 +8051,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -8023,18 +8072,24 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -8042,54 +8097,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8097,21 +8159,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -8125,19 +8187,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8147,184 +8204,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.6" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "3b096a4569cbd31e", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -8332,54 +8345,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8387,21 +8406,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8415,19 +8434,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8437,39 +8451,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8477,54 +8491,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8532,21 +8560,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8563,16 +8591,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8582,38 +8605,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8626,43 +8649,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8670,7 +8692,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8678,21 +8700,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8706,14 +8728,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8723,38 +8750,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8767,43 +8794,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8819,21 +8845,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8847,23 +8873,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8875,38 +8895,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8919,43 +8939,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8971,21 +8990,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8999,27 +9018,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9031,38 +9040,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9075,43 +9084,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9127,21 +9135,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -9155,27 +9163,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9187,44 +9185,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9233,68 +9225,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9310,21 +9281,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9338,13 +9309,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9355,38 +9326,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9395,51 +9366,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9447,7 +9414,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9455,21 +9422,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9483,55 +9450,66 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9540,51 +9518,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9600,21 +9574,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9628,66 +9602,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9696,52 +9674,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9757,21 +9730,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9785,23 +9758,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -9813,20 +9790,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9834,17 +9811,23 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9853,33 +9836,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9895,21 +9913,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9923,13 +9941,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9940,38 +9958,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9980,33 +9998,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10014,7 +10050,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10022,21 +10058,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10050,66 +10086,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -10118,33 +10143,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10160,21 +10203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10188,70 +10231,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10260,33 +10299,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10302,21 +10360,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -10330,27 +10388,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -10385,8 +10439,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10394,7 +10448,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -10447,8 +10501,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10456,7 +10510,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -10539,8 +10593,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10600,8 +10654,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10692,8 +10746,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10760,8 +10814,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10869,8 +10923,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -10935,8 +10989,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -11033,8 +11087,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11095,8 +11149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11187,8 +11241,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11248,8 +11302,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11340,8 +11394,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11381,8 +11435,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11476,8 +11530,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11517,8 +11571,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11612,8 +11666,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11673,8 +11727,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11740,6 +11794,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11958,7 +12140,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -12072,6 +12254,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -12121,91 +12313,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.10.7.md b/docs/security/agent/grype-25.10.7.md index 4f92d43..1f043c2 100644 --- a/docs/security/agent/grype-25.10.7.md +++ b/docs/security/agent/grype-25.10.7.md @@ -18,10 +18,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -52,13 +52,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -73,13 +77,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.8.json b/docs/security/agent/grype-25.10.8.json index ab75534..456f7f8 100644 --- a/docs/security/agent/grype-25.10.8.json +++ b/docs/security/agent/grype-25.10.8.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -34,7 +34,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -46,7 +46,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -113,7 +113,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -125,7 +125,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -208,8 +208,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -253,8 +253,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -348,8 +348,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -393,8 +393,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -488,8 +488,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -554,8 +554,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -657,8 +657,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -723,8 +723,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -826,8 +826,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -882,8 +882,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -974,8 +974,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -983,7 +983,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1007,7 +1007,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1022,8 +1022,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1031,7 +1031,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1114,8 +1114,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1185,8 +1185,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1288,8 +1288,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1359,8 +1359,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1462,8 +1462,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1511,8 +1511,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1603,8 +1603,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1652,8 +1652,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1755,8 +1755,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1895,8 +1895,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -1962,8 +1962,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2060,8 +2060,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2135,8 +2135,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2233,8 +2233,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2294,8 +2294,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2391,8 +2391,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2452,8 +2452,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2549,8 +2549,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2645,8 +2645,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2749,8 +2749,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2808,8 +2808,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2900,8 +2900,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2959,8 +2959,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3039,39 +3039,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3079,47 +3079,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034499999999999996 + "risk": 0.03618 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3140,7 +3141,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } @@ -3179,20 +3180,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3200,18 +3201,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3219,25 +3220,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3250,18 +3249,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -3276,21 +3275,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3304,13 +3303,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3321,39 +3320,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3361,48 +3360,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3417,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -3445,13 +3445,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3485,8 +3485,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3533,8 +3533,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3625,8 +3625,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3673,8 +3673,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3776,8 +3776,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -3818,8 +3818,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -3902,8 +3902,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -3945,8 +3945,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4040,8 +4040,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4083,8 +4083,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4155,36 +4155,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4195,25 +4195,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4224,15 +4224,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4256,7 +4256,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4295,36 +4295,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4335,25 +4335,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4364,15 +4364,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4396,7 +4396,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4446,36 +4446,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4486,25 +4486,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4515,15 +4515,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4547,7 +4547,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4601,36 +4601,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4641,25 +4641,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4670,15 +4670,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4702,7 +4702,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4756,20 +4756,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4777,18 +4777,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4796,47 +4796,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4851,21 +4851,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4879,13 +4879,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4896,20 +4896,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4917,18 +4917,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4936,54 +4936,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4991,21 +4991,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5019,14 +5019,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5036,17 +5047,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5057,18 +5068,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5076,28 +5087,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5108,18 +5116,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5134,21 +5142,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5162,23 +5170,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5190,17 +5202,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5211,18 +5223,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5230,28 +5242,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5262,18 +5271,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5288,21 +5297,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5316,23 +5325,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5344,134 +5357,179 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2026-0992", "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019765 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.7" + }, "package": { - "name": "fluent-bit", - "version": "25.10.8" - } + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "92b9576bd60528c3", - "name": "fluent-bit", - "version": "25.10.8", - "type": "binary", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "MIT" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.8", - "upstreams": [] + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5479,61 +5537,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5548,21 +5592,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -5576,13 +5620,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5593,42 +5637,36 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5639,62 +5677,201 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5704,7 +5881,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5712,21 +5889,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -5740,14 +5917,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5779,9 +5967,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5811,7 +5999,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -5821,6 +6009,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -5844,9 +6034,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5917,39 +6107,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "No description is available for this CVE.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5957,47 +6147,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} - } + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6012,21 +6216,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6040,13 +6244,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6057,130 +6261,109 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -6197,24 +6380,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6228,13 +6408,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6245,185 +6425,134 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.01072 + "risk": 0.013649999999999999 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" - ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + ], "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.8" + } }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", - "type": "rpm", + "id": "92b9576bd60528c3", + "name": "fluent-bit", + "version": "25.10.8", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.8", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -6431,54 +6560,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.013064999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "disclosure@vulncheck.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6493,21 +6615,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6521,13 +6643,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6538,194 +6660,132 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0105 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.8" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "92b9576bd60528c3", - "name": "fluent-bit", - "version": "25.10.8", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.8", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6740,21 +6800,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -6768,13 +6831,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6785,37 +6848,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6825,59 +6888,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.01072 }, "relatedVulnerabilities": [ - { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6894,21 +6943,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6922,13 +6971,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6939,20 +6988,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6960,18 +7009,24 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -6979,54 +7034,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7034,21 +7096,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -7062,19 +7124,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7084,184 +7141,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.8" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "92b9576bd60528c3", + "name": "fluent-bit", + "version": "25.10.8", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.8", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7269,54 +7282,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7324,21 +7343,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7352,19 +7371,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7374,39 +7388,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7414,54 +7428,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7469,21 +7497,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7500,16 +7528,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7519,38 +7542,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7563,43 +7586,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7607,7 +7629,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7615,21 +7637,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7643,14 +7665,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7660,38 +7687,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7704,43 +7731,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7756,21 +7782,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7784,23 +7810,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7812,38 +7832,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7856,43 +7876,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7908,21 +7927,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7936,27 +7955,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -7968,38 +7977,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8012,43 +8021,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8064,21 +8072,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8092,27 +8100,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8124,44 +8122,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8170,68 +8162,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8247,21 +8218,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8275,13 +8246,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8292,38 +8263,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8332,51 +8303,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8384,7 +8351,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8392,21 +8359,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8420,55 +8387,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8477,51 +8455,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8537,21 +8511,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8565,66 +8539,70 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8633,52 +8611,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8694,21 +8667,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8722,23 +8695,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -8750,20 +8727,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -8771,17 +8748,23 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -8790,33 +8773,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8832,21 +8850,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8860,13 +8878,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8877,38 +8895,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -8917,33 +8935,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8951,7 +8987,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8959,21 +8995,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8987,66 +9023,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9055,33 +9080,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9097,21 +9140,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9125,70 +9168,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9197,33 +9236,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9239,21 +9297,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9267,27 +9325,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -9322,8 +9376,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9331,7 +9385,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -9384,8 +9438,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9393,7 +9447,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -9476,8 +9530,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9537,8 +9591,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9629,8 +9683,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9697,8 +9751,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9806,8 +9860,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9872,8 +9926,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9970,8 +10024,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10032,8 +10086,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10124,8 +10178,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10185,8 +10239,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10277,8 +10331,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10318,8 +10372,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10413,8 +10467,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10454,8 +10508,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10549,8 +10603,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10610,8 +10664,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10677,6 +10731,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -10895,7 +11077,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -11009,6 +11191,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -11058,91 +11250,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.10.8.md b/docs/security/agent/grype-25.10.8.md index 7d9c720..0968ad7 100644 --- a/docs/security/agent/grype-25.10.8.md +++ b/docs/security/agent/grype-25.10.8.md @@ -15,8 +15,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.10.8 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| fluent-bit | 25.10.8 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.10.8 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -46,13 +46,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -67,13 +71,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.9.json b/docs/security/agent/grype-25.10.9.json index e1a9bed..2f71d82 100644 --- a/docs/security/agent/grype-25.10.9.json +++ b/docs/security/agent/grype-25.10.9.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -34,7 +34,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -46,7 +46,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -113,7 +113,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -125,7 +125,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -208,8 +208,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -253,8 +253,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -348,8 +348,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -393,8 +393,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -488,8 +488,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -554,8 +554,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -657,8 +657,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -723,8 +723,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -826,8 +826,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -882,8 +882,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -974,8 +974,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -983,7 +983,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1007,7 +1007,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1022,8 +1022,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1031,7 +1031,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1114,8 +1114,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1185,8 +1185,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1288,8 +1288,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1359,8 +1359,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1462,8 +1462,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1511,8 +1511,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1603,8 +1603,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1652,8 +1652,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1755,8 +1755,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1895,8 +1895,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -1962,8 +1962,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2060,8 +2060,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2135,8 +2135,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2233,8 +2233,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2294,8 +2294,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2391,8 +2391,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2452,8 +2452,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2549,8 +2549,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2645,8 +2645,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2749,8 +2749,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2808,8 +2808,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2900,8 +2900,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2959,8 +2959,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3039,39 +3039,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3079,47 +3079,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034499999999999996 + "risk": 0.03618 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3140,7 +3141,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } @@ -3179,20 +3180,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3200,18 +3201,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3219,25 +3220,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3250,18 +3249,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -3276,21 +3275,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3304,13 +3303,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3321,39 +3320,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3361,48 +3360,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3417,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3445,13 +3445,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3485,8 +3485,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3533,8 +3533,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3625,8 +3625,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3673,8 +3673,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3776,8 +3776,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -3818,8 +3818,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -3902,8 +3902,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -3945,8 +3945,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4040,8 +4040,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4083,8 +4083,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4155,36 +4155,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4195,25 +4195,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4224,15 +4224,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4256,7 +4256,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4295,36 +4295,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4335,25 +4335,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4364,15 +4364,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4396,7 +4396,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4446,36 +4446,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4486,25 +4486,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4515,15 +4515,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4547,7 +4547,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4601,36 +4601,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4641,25 +4641,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4670,15 +4670,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4702,7 +4702,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4756,96 +4756,68 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4853,17 +4825,17 @@ ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -4871,7 +4843,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4879,24 +4851,21 @@ "version": "9.7" }, "package": { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "120d5875527c431e", - "name": "systemd-libs", - "version": "252-55.el9_7.2", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4910,25 +4879,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-55.el9_7.2" - } + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4938,20 +4896,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4959,18 +4917,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4978,54 +4936,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5033,21 +4991,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5061,14 +5019,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5078,20 +5047,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5099,18 +5068,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5118,54 +5087,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5173,21 +5142,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5201,14 +5170,29 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5218,17 +5202,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5239,18 +5223,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5258,28 +5242,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5290,21 +5271,21 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } ], "matchDetails": [ { @@ -5316,21 +5297,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5344,23 +5325,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5372,71 +5357,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5444,18 +5454,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5470,21 +5480,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "systemd", + "version": "252-55.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "120d5875527c431e", + "name": "systemd-libs", + "version": "252-55.el9_7.2", "type": "rpm", "locations": [ { @@ -5498,23 +5511,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "systemd", + "version": "252-55.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5526,113 +5539,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01736 + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5653,11 +5640,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], @@ -5695,134 +5679,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0147 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.9" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "20f835972e5f52cf", - "name": "fluent-bit", - "version": "25.10.9", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:376e7117cb6f040357562723990ec8ecc4af4895d62c7b82d8143dc9036ca111", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.9", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -5830,61 +5719,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014399999999999998 + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5899,21 +5774,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -5927,13 +5802,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5944,42 +5819,36 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5990,62 +5859,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -6055,7 +5909,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6063,21 +5917,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6091,14 +5945,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6108,111 +5973,97 @@ }, { "vulnerability": { - "id": "CVE-2025-13601", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.68.4-18.el9_7.1" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.68.4-18.el9_7.1", - "date": "2026-01-22", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0936", - "link": "https://access.redhat.com/errata/RHSA-2026:0936" - } - ], - "risk": 0.013335000000000001 + "advisories": [], + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13601", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:0936", - "https://access.redhat.com/security/cve/CVE-2025-13601", - "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", - "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", - "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 2.6, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-13601", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6220,24 +6071,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13601", - "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.68.4-18.el9_7.1" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6251,14 +6099,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6268,87 +6127,113 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013064999999999998 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "security@ubuntu.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9714", + "epss": 0.00031, + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", + "type": "Secondary" } ] } @@ -6363,21 +6248,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6391,13 +6279,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6408,132 +6296,106 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-13601", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13601", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-13601", + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { "versions": [ - "0:2.3.3-5.el9_7" + "0:2.68.4-18.el9_7.1" ], "state": "fixed", "available": [ { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", + "version": "0:2.68.4-18.el9_7.1", + "date": "2026-01-22", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" + "id": "RHSA-2026:0936", + "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.012240000000000003 + "risk": 0.015875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-13601", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13601", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", + "https://access.redhat.com/security/cve/CVE-2025-13601", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", + "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", + "https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.7, + "exploitabilityScore": 2.6, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-13601", + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-13601", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -6548,24 +6410,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-13601", + "versionConstraint": "< 0:2.68.4-18.el9_7.1 (rpm)" }, "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "suggestedVersion": "0:2.68.4-18.el9_7.1" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6579,13 +6441,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6596,39 +6458,39 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6636,47 +6498,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6691,21 +6567,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6719,13 +6595,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6736,20 +6612,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -6757,24 +6633,24 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6782,54 +6658,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6844,21 +6731,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6872,13 +6759,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6889,39 +6776,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29477", + "cve": "CVE-2025-29478", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -6932,7 +6819,7 @@ "state": "" }, "advisories": [], - "risk": 0.0105 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -6950,7 +6837,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29477", + "vulnerabilityID": "CVE-2025-29478", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -6984,45 +6871,39 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -7030,53 +6911,232 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00945 + "risk": 0.013064999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "namespace": "redhat:distro:redhat:9", + "severity": "High", + "urls": [], + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + ], + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7091,21 +7151,24 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7119,13 +7182,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7136,37 +7199,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7176,59 +7239,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.01072 }, "relatedVulnerabilities": [ - { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7245,21 +7294,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -7273,13 +7322,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7290,20 +7339,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7311,18 +7360,24 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -7330,54 +7385,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7385,21 +7447,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -7413,19 +7475,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7435,184 +7492,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.9" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "20f835972e5f52cf", + "name": "fluent-bit", + "version": "25.10.9", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:376e7117cb6f040357562723990ec8ecc4af4895d62c7b82d8143dc9036ca111", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.9", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7620,54 +7633,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7675,21 +7694,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7703,19 +7722,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7725,39 +7739,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7765,54 +7779,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7820,21 +7848,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7851,16 +7879,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7870,38 +7893,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7914,43 +7937,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7958,7 +7980,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7966,21 +7988,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7994,14 +8016,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8011,38 +8038,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8055,43 +8082,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8107,21 +8133,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8135,23 +8161,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8163,38 +8183,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8207,43 +8227,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8259,21 +8278,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8287,27 +8306,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8319,38 +8328,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8363,43 +8372,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8415,21 +8423,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8443,27 +8451,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8475,44 +8473,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8521,68 +8513,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8598,21 +8569,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8626,13 +8597,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8643,38 +8614,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8683,51 +8654,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8735,7 +8702,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8743,21 +8710,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8771,55 +8738,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8828,51 +8806,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8888,21 +8862,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8916,66 +8890,70 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8984,52 +8962,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9045,21 +9018,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9073,23 +9046,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -9101,20 +9078,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9122,17 +9099,23 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9141,33 +9124,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9183,21 +9201,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9211,13 +9229,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9228,38 +9246,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9268,33 +9286,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9302,7 +9338,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9310,21 +9346,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9338,66 +9374,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9406,33 +9431,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9448,21 +9491,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9476,70 +9519,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9548,33 +9587,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9590,21 +9648,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9618,27 +9676,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -9673,8 +9727,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9682,7 +9736,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -9735,8 +9789,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9744,7 +9798,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -9827,8 +9881,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9888,8 +9942,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9980,8 +10034,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10048,8 +10102,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10157,8 +10211,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -10223,8 +10277,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -10321,8 +10375,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10383,8 +10437,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10475,8 +10529,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10536,8 +10590,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10628,8 +10682,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10669,8 +10723,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10764,8 +10818,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10805,8 +10859,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10900,8 +10954,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10961,8 +11015,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11028,6 +11082,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11246,7 +11428,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -11360,6 +11542,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -11409,91 +11601,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.10.9.md b/docs/security/agent/grype-25.10.9.md index cf2e4e4..7242716 100644 --- a/docs/security/agent/grype-25.10.9.md +++ b/docs/security/agent/grype-25.10.9.md @@ -17,8 +17,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | -| fluent-bit | 25.10.9 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| fluent-bit | 25.10.9 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.10.9 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -48,13 +48,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -69,13 +73,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.11.1.json b/docs/security/agent/grype-25.11.1.json index e9722ac..109ffcb 100644 --- a/docs/security/agent/grype-25.11.1.json +++ b/docs/security/agent/grype-25.11.1.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -198,7 +198,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -210,7 +210,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -277,7 +277,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -289,7 +289,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -372,8 +372,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -417,8 +417,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -512,8 +512,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -557,8 +557,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -652,8 +652,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -718,8 +718,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -821,8 +821,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -887,8 +887,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -990,8 +990,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1046,8 +1046,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1138,8 +1138,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1147,7 +1147,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1171,7 +1171,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1186,8 +1186,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1195,7 +1195,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1278,8 +1278,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1349,8 +1349,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1452,8 +1452,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1523,8 +1523,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1626,8 +1626,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1675,8 +1675,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1767,8 +1767,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1816,8 +1816,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1919,8 +1919,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1967,8 +1967,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -2059,8 +2059,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2126,8 +2126,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2224,8 +2224,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2299,8 +2299,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2397,8 +2397,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2458,8 +2458,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2555,8 +2555,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2616,8 +2616,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2713,8 +2713,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2809,8 +2809,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2913,8 +2913,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2972,8 +2972,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3064,8 +3064,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3123,8 +3123,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3201,6 +3201,147 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03618 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + ], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-3360", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-6965", @@ -3226,8 +3367,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3303,8 +3444,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3409,8 +3550,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3418,7 +3559,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3442,7 +3583,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3457,8 +3598,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3466,7 +3607,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3549,8 +3690,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3599,8 +3740,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3668,20 +3809,20 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3689,18 +3830,18 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3708,48 +3849,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3764,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3792,13 +3932,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3832,8 +3972,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3880,8 +4020,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3896,7 +4036,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3905,7 +4045,7 @@ }, "package": { "name": "pcre2", - "version": "0:10.40-6.el9" + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -3916,8 +4056,8 @@ } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", "version": "10.40-6.el9", "type": "rpm", "locations": [ @@ -3935,154 +4075,14 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "pcre2", - "version": "10.40-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ @@ -4123,8 +4123,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -4165,8 +4165,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -4249,8 +4249,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4292,8 +4292,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4387,8 +4387,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4430,8 +4430,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4502,36 +4502,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4542,25 +4542,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4571,15 +4571,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4603,7 +4603,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4642,36 +4642,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4682,25 +4682,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4711,15 +4711,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4743,7 +4743,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4793,36 +4793,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4833,25 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4862,15 +4862,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4894,7 +4894,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4948,36 +4948,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4988,25 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5017,15 +5017,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -5049,7 +5049,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -5103,96 +5103,68 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5200,17 +5172,17 @@ ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -5218,7 +5190,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5226,24 +5198,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5257,25 +5226,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5285,20 +5243,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5306,18 +5264,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5325,54 +5283,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5380,21 +5338,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5408,37 +5366,48 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5446,18 +5415,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5465,54 +5434,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5520,21 +5489,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5548,14 +5517,29 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5565,17 +5549,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5586,18 +5570,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5605,28 +5589,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5637,18 +5618,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5663,21 +5644,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5691,23 +5672,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5719,71 +5704,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5791,18 +5801,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5817,21 +5827,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -5845,23 +5858,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -5873,113 +5886,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01736 + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6000,11 +5987,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], @@ -6042,121 +6026,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6171,24 +6121,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6202,104 +6149,79 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6316,24 +6238,18 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6348,24 +6264,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6379,231 +6292,125 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.11.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "09a7526d23e50ddd", - "name": "fluent-bit", - "version": "25.11.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.11.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014399999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6611,21 +6418,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6639,14 +6446,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6656,111 +6474,113 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014105 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -6775,21 +6595,24 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6803,13 +6626,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6842,9 +6665,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6874,7 +6697,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -6884,6 +6707,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -6907,9 +6732,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6980,87 +6805,121 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013064999999999998 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7075,21 +6934,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7103,156 +6965,145 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { "versions": [ - "0:2.3.3-5.el9_7" + "1:3.5.1-4.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "risk": 0.012240000000000003 + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7260,24 +7111,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7291,56 +7142,67 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7348,47 +7210,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7403,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7431,13 +7307,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7448,20 +7324,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7469,24 +7345,24 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7494,54 +7370,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7556,21 +7443,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -7584,13 +7471,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7601,39 +7488,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29477", + "cve": "CVE-2025-29478", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -7644,151 +7531,324 @@ "state": "" }, "advisories": [], - "risk": 0.0105 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.11.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "09a7526d23e50ddd", + "name": "fluent-bit", + "version": "25.11.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.11.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.11.1" - } + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09a7526d23e50ddd", - "name": "fluent-bit", - "version": "25.11.1", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.11.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7803,21 +7863,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7831,13 +7894,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7848,37 +7911,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7888,59 +7951,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.01072 }, "relatedVulnerabilities": [ - { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7957,21 +8006,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -7985,13 +8034,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8002,20 +8051,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -8023,18 +8072,24 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -8042,54 +8097,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8097,21 +8159,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -8125,19 +8187,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8147,184 +8204,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.11.1" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "09a7526d23e50ddd", + "name": "fluent-bit", + "version": "25.11.1", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.11.1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -8332,54 +8345,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8387,21 +8406,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8415,19 +8434,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8437,39 +8451,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8477,54 +8491,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8532,21 +8560,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8563,16 +8591,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8582,38 +8605,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8626,43 +8649,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8670,7 +8692,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8678,21 +8700,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8706,14 +8728,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8723,38 +8750,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8767,43 +8794,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8819,21 +8845,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8847,23 +8873,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8875,38 +8895,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8919,43 +8939,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8971,21 +8990,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8999,27 +9018,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9031,38 +9040,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9075,43 +9084,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9127,21 +9135,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -9155,27 +9163,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9187,44 +9185,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9233,68 +9225,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9310,21 +9281,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9338,13 +9309,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9355,38 +9326,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9395,51 +9366,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9447,7 +9414,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9455,21 +9422,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9483,55 +9450,66 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9540,51 +9518,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9600,21 +9574,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9628,66 +9602,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9696,52 +9674,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9757,21 +9730,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9785,23 +9758,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -9813,20 +9790,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9834,17 +9811,23 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9853,33 +9836,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9895,21 +9913,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9923,13 +9941,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9940,38 +9958,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9980,33 +9998,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10014,7 +10050,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10022,21 +10058,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10050,66 +10086,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -10118,33 +10143,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10160,21 +10203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10188,70 +10231,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10260,33 +10299,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10302,21 +10360,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -10330,27 +10388,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -10385,8 +10439,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10394,7 +10448,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -10447,8 +10501,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10456,7 +10510,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -10539,8 +10593,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10600,8 +10654,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10692,8 +10746,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10760,8 +10814,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10869,8 +10923,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -10935,8 +10989,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -11033,8 +11087,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11095,8 +11149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11187,8 +11241,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11248,8 +11302,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11340,8 +11394,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11381,8 +11435,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11476,8 +11530,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11517,8 +11571,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11612,8 +11666,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11673,8 +11727,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11740,6 +11794,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11958,7 +12140,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -12072,6 +12254,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -12121,91 +12313,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.11.1.md b/docs/security/agent/grype-25.11.1.md index 800d216..e48dec3 100644 --- a/docs/security/agent/grype-25.11.1.md +++ b/docs/security/agent/grype-25.11.1.md @@ -18,10 +18,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | fluent-bit | 25.11.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.11.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -52,13 +52,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -73,13 +77,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.11.2.json b/docs/security/agent/grype-25.11.2.json index 752e4b6..50a34d1 100644 --- a/docs/security/agent/grype-25.11.2.json +++ b/docs/security/agent/grype-25.11.2.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.05074, - "percentile": 0.89486, - "date": "2026-01-21" + "percentile": 0.89507, + "date": "2026-01-26" } ], "cwes": [ @@ -189,8 +189,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -198,7 +198,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -210,7 +210,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -268,8 +268,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -277,7 +277,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -289,7 +289,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -372,8 +372,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -417,8 +417,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -512,8 +512,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -557,8 +557,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -652,8 +652,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -718,8 +718,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -821,8 +821,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -887,8 +887,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -990,8 +990,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1046,8 +1046,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -1138,8 +1138,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1147,7 +1147,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1171,7 +1171,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1186,8 +1186,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1195,7 +1195,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1278,8 +1278,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1349,8 +1349,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1452,8 +1452,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1523,8 +1523,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1626,8 +1626,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1675,8 +1675,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1767,8 +1767,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1816,8 +1816,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1919,8 +1919,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1967,8 +1967,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -2059,8 +2059,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2126,8 +2126,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2224,8 +2224,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2299,8 +2299,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2397,8 +2397,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2458,8 +2458,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2555,8 +2555,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2616,8 +2616,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2713,8 +2713,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2809,8 +2809,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2913,8 +2913,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2972,8 +2972,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3064,8 +3064,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3123,8 +3123,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3201,6 +3201,147 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03618 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + ], + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-3360", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-3360", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-6965", @@ -3226,8 +3367,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3303,8 +3444,8 @@ { "cve": "CVE-2025-6965", "epss": 0.00047, - "percentile": 0.1435, - "date": "2026-01-21" + "percentile": 0.1425, + "date": "2026-01-26" } ], "cwes": [ @@ -3409,8 +3550,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3418,7 +3559,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3442,7 +3583,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3457,8 +3598,8 @@ { "cve": "CVE-2025-14512", "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ @@ -3466,7 +3607,7 @@ "cve": "CVE-2025-14512", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3549,8 +3690,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3599,8 +3740,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ @@ -3668,20 +3809,20 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -3689,18 +3830,18 @@ ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3708,48 +3849,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.032785 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2022-41409", + "epss": 0.00079, + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", + "cve": "CVE-2022-41409", "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3764,21 +3904,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -3792,13 +3932,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3832,8 +3972,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3880,8 +4020,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3896,7 +4036,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3905,7 +4045,7 @@ }, "package": { "name": "pcre2", - "version": "0:10.40-6.el9" + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -3916,8 +4056,8 @@ } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", "version": "10.40-6.el9", "type": "rpm", "locations": [ @@ -3935,154 +4075,14 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "pcre2", - "version": "10.40-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" ], "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [ @@ -4123,8 +4123,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -4165,8 +4165,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -4249,8 +4249,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4292,8 +4292,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4387,8 +4387,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4430,8 +4430,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4502,36 +4502,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4542,25 +4542,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4571,15 +4571,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4603,7 +4603,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4642,36 +4642,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4682,25 +4682,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4711,15 +4711,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4743,7 +4743,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4793,36 +4793,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4833,25 +4833,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4862,15 +4862,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4894,7 +4894,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4948,36 +4948,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4988,25 +4988,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5017,15 +5017,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -5049,7 +5049,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -5103,96 +5103,68 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5200,17 +5172,17 @@ ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -5218,7 +5190,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5226,24 +5198,21 @@ "version": "9.6" }, "package": { - "name": "systemd", - "version": "252-51.el9_6.2" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "46b51eb19b3a109f", - "name": "systemd-libs", - "version": "252-51.el9_6.2", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5257,25 +5226,14 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-51.el9_6.2" - } + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5285,20 +5243,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5306,18 +5264,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5325,54 +5283,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5380,21 +5338,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5408,37 +5366,48 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5446,18 +5415,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5465,54 +5434,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5520,21 +5489,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5548,14 +5517,29 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5565,17 +5549,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -5586,18 +5570,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -5605,28 +5589,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -5637,18 +5618,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -5663,21 +5644,21 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -5691,23 +5672,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -5719,71 +5704,96 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019055 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5791,18 +5801,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-4598", + "cwe": "CWE-364", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5817,21 +5827,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "46b51eb19b3a109f", + "name": "systemd-libs", + "version": "252-51.el9_6.2", "type": "rpm", "locations": [ { @@ -5845,23 +5858,23 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-51.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-51.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-51.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=systemd-252-51.el9_6.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "systemd", + "version": "252-51.el9_6.2" } ], "metadataType": "RpmMetadata", @@ -5873,113 +5886,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9714", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.9.13-14.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.9.13-14.el9_7", - "date": "2025-12-02", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22376", - "link": "https://access.redhat.com/errata/RHSA-2025:22376" - } - ], - "risk": 0.01736 + "advisories": [], + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9714", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", - "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "security@ubuntu.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9714", - "epss": 0.00031, - "percentile": 0.08302, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9714", - "cwe": "CWE-674", - "source": "security@ubuntu.com", - "type": "Secondary" + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6000,11 +5987,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9714", - "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.9.13-14.el9_7" + "vulnerabilityID": "CVE-2026-0992", + "versionConstraint": "none (unknown)" } } ], @@ -6042,121 +6026,87 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -6171,24 +6121,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6202,104 +6149,79 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01537 + "advisories": [], + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -6316,24 +6238,18 @@ ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-9086", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6348,24 +6264,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6379,231 +6292,125 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019055 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.11.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "b08e28436378359a", - "name": "fluent-bit", - "version": "25.11.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.11.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014399999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6611,21 +6418,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -6639,14 +6446,25 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-31.el9_6.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6656,111 +6474,113 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9714", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.9.13-14.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.9.13-14.el9_7", + "date": "2025-12-02", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014105 + "advisories": [ + { + "id": "RHSA-2025:22376", + "link": "https://access.redhat.com/errata/RHSA-2025:22376" + } + ], + "risk": 0.01736 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9714", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00035.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "security@ubuntu.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9714", "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "percentile": 0.08377, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9714", + "cwe": "CWE-674", + "source": "security@ubuntu.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -6775,21 +6595,24 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9714", + "versionConstraint": "< 0:2.9.13-14.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.9.13-14.el9_7" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -6803,13 +6626,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6842,9 +6665,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6874,7 +6697,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -6884,6 +6707,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -6907,9 +6732,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6980,87 +6805,121 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "No description is available for this CVE.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.7, + "baseScore": 5.6, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.013064999999999998 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7075,21 +6934,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7103,156 +6965,145 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { "versions": [ - "0:2.3.3-5.el9_7" + "1:3.5.1-4.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" } ], - "risk": 0.012240000000000003 + "risk": 0.01537 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2025-9230", + "epss": 0.00029, + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2025-68973", + "cve": "CVE-2025-9230", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7260,24 +7111,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -7291,56 +7142,67 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7348,47 +7210,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7403,21 +7279,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7431,13 +7307,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7448,20 +7324,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -7469,24 +7345,24 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7494,54 +7370,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.010620000000000001 + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7556,21 +7443,21 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -7584,13 +7471,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7601,39 +7488,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29477", + "cve": "CVE-2025-29478", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -7644,151 +7531,324 @@ "state": "" }, "advisories": [], - "risk": 0.0105 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.11.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b08e28436378359a", + "name": "fluent-bit", + "version": "25.11.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.11.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.013064999999999998 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.11.2" - } + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b08e28436378359a", - "name": "fluent-bit", - "version": "25.11.2", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.11.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00945 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7803,21 +7863,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -7831,13 +7894,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7848,37 +7911,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7888,59 +7951,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.01072 }, "relatedVulnerabilities": [ - { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + { + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -7957,21 +8006,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -7985,13 +8034,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8002,20 +8051,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 6.8, + "exploitabilityScore": 2.6, "impactScore": 4.3 }, "vendorMetadata": {} @@ -8023,18 +8072,24 @@ ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ], "fix": { @@ -8042,54 +8097,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "source": "disclosure@vulncheck.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8097,21 +8159,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -8125,19 +8187,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8147,184 +8204,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.11.2" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "b08e28436378359a", + "name": "fluent-bit", + "version": "25.11.2", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.11.2", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -8332,54 +8345,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8387,21 +8406,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8415,19 +8434,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8437,39 +8451,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8477,54 +8491,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, + "baseScore": 5.6, + "exploitabilityScore": 1.4, "impactScore": 4.3 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8532,21 +8560,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8563,16 +8591,11 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8582,38 +8605,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8626,43 +8649,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8670,7 +8692,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8678,21 +8700,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8706,14 +8728,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8723,38 +8750,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8767,43 +8794,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8819,21 +8845,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8847,23 +8873,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8875,38 +8895,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8919,43 +8939,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8971,21 +8990,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8999,27 +9018,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9031,38 +9040,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9075,43 +9084,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9127,21 +9135,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -9155,27 +9163,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -9187,44 +9185,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9233,68 +9225,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9310,21 +9281,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9338,13 +9309,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9355,38 +9326,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9395,51 +9366,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9447,7 +9414,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9455,21 +9422,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9483,55 +9450,66 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9540,51 +9518,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9600,21 +9574,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9628,66 +9602,70 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9696,52 +9674,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9757,21 +9730,21 @@ "version": "9.6" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -9785,23 +9758,27 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -9813,20 +9790,20 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.2, + "exploitabilityScore": 2.6, "impactScore": 3.6 }, "vendorMetadata": {} @@ -9834,17 +9811,23 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9853,33 +9836,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Low", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9895,21 +9913,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9923,13 +9941,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9940,38 +9958,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9980,33 +9998,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10014,7 +10050,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10022,21 +10058,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10050,66 +10086,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -10118,33 +10143,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10160,21 +10203,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10188,70 +10231,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10260,33 +10299,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10302,21 +10360,21 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -10330,27 +10388,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.6&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -10385,8 +10439,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10394,7 +10448,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -10447,8 +10501,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10456,7 +10510,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -10539,8 +10593,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10600,8 +10654,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10692,8 +10746,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10760,8 +10814,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10869,8 +10923,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -10935,8 +10989,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -11033,8 +11087,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11095,8 +11149,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -11187,8 +11241,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11248,8 +11302,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -11340,8 +11394,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11381,8 +11435,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11476,8 +11530,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11517,8 +11571,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11612,8 +11666,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11673,8 +11727,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11740,6 +11794,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11958,7 +12140,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -12072,6 +12254,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -12121,91 +12313,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.11.2.md b/docs/security/agent/grype-25.11.2.md index 749438f..84abde0 100644 --- a/docs/security/agent/grype-25.11.2.md +++ b/docs/security/agent/grype-25.11.2.md @@ -18,10 +18,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | fluent-bit | 25.11.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.11.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -52,13 +52,17 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -73,13 +77,10 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.1.json b/docs/security/agent/grype-25.12.1.json index 542d978..b81ab23 100644 --- a/docs/security/agent/grype-25.12.1.json +++ b/docs/security/agent/grype-25.12.1.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -34,7 +34,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -46,7 +46,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -113,7 +113,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -125,7 +125,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -208,8 +208,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -253,8 +253,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -348,8 +348,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -393,8 +393,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -488,8 +488,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -554,8 +554,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -657,8 +657,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -723,8 +723,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -826,8 +826,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -882,8 +882,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -974,8 +974,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -983,7 +983,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1007,7 +1007,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1022,8 +1022,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1031,7 +1031,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1114,8 +1114,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1185,8 +1185,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1288,8 +1288,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1359,8 +1359,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1462,8 +1462,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1511,8 +1511,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1603,8 +1603,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1652,8 +1652,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1755,8 +1755,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1895,8 +1895,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -1962,8 +1962,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2060,8 +2060,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2135,8 +2135,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2233,8 +2233,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2294,8 +2294,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2391,8 +2391,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2452,8 +2452,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2549,8 +2549,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2645,8 +2645,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2749,8 +2749,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2808,8 +2808,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2900,8 +2900,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2959,8 +2959,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3039,39 +3039,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3079,47 +3079,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034499999999999996 + "risk": 0.03618 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3140,7 +3141,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } @@ -3179,20 +3180,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3200,18 +3201,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3219,25 +3220,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3250,18 +3249,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -3276,21 +3275,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3304,13 +3303,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3321,39 +3320,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3361,48 +3360,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3417,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -3445,13 +3445,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3485,8 +3485,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3533,8 +3533,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3625,8 +3625,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3673,8 +3673,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3776,8 +3776,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -3818,8 +3818,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -3902,8 +3902,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -3945,8 +3945,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4040,8 +4040,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4083,8 +4083,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4155,36 +4155,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4195,25 +4195,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4224,15 +4224,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4256,7 +4256,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4295,36 +4295,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4335,25 +4335,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4364,15 +4364,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4396,7 +4396,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4446,36 +4446,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4486,25 +4486,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4515,15 +4515,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4547,7 +4547,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4601,96 +4601,68 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4698,17 +4670,17 @@ ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -4724,24 +4696,21 @@ "version": "9.7" }, "package": { - "name": "systemd", - "version": "0:252-55.el9_7.2" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "e8cfdbaead821b00", - "name": "systemd", - "version": "252-55.el9_7.2", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4755,13 +4724,13 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT and GPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:systemd:systemd:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd:252-55.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4772,96 +4741,68 @@ }, { "vulnerability": { - "id": "CVE-2025-4598", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "0:252-55.el9_7.7" - ], - "state": "fixed", - "available": [ - { - "version": "0:252-55.el9_7.7", - "date": "2025-12-04", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:22660", - "link": "https://access.redhat.com/errata/RHSA-2025:22660" - } - ], - "risk": 0.019885 + "advisories": [], + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-4598", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/errata/RHSA-2025:22660", - "https://access.redhat.com/errata/RHSA-2025:22868", - "https://access.redhat.com/errata/RHSA-2025:23227", - "https://access.redhat.com/errata/RHSA-2025:23234", - "https://access.redhat.com/errata/RHSA-2026:0414", - "https://access.redhat.com/security/cve/CVE-2025-4598", - "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", - "https://www.openwall.com/lists/oss-security/2025/05/29/3", - "http://seclists.org/fulldisclosure/2025/Jun/9", - "http://www.openwall.com/lists/oss-security/2025/06/05/1", - "http://www.openwall.com/lists/oss-security/2025/06/05/3", - "http://www.openwall.com/lists/oss-security/2025/08/18/3", - "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", - "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", - "https://www.openwall.com/lists/oss-security/2025/08/18/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4869,17 +4810,17 @@ ], "epss": [ { - "cve": "CVE-2025-4598", + "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-4598", - "cwe": "CWE-364", - "source": "secalert@redhat.com", + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -4895,24 +4836,172 @@ "version": "9.7" }, "package": { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-4598", - "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + ], + "cpes": [ + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.021115000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" + ], + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glibc", + "version": "2.34-231.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" }, - "fix": { - "suggestedVersion": "0:252-55.el9_7.7" + "found": { + "vulnerabilityID": "CVE-2026-0915", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c4152df82a1db41b", - "name": "systemd-libs", - "version": "252-55.el9_7.2", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4926,23 +5015,27 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "systemd", - "version": "252-55.el9_7.2" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -4977,8 +5070,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ @@ -5053,8 +5146,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ @@ -5069,7 +5162,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5078,7 +5171,7 @@ }, "package": { "name": "systemd", - "version": "252-55.el9_7.2" + "version": "0:252-55.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, @@ -5092,8 +5185,8 @@ } ], "artifact": { - "id": "ead60bdbac583ffe", - "name": "systemd-pam", + "id": "e8cfdbaead821b00", + "name": "systemd", "version": "252-55.el9_7.2", "type": "rpm", "locations": [ @@ -5111,22 +5204,11 @@ "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:systemd-pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "systemd", - "version": "252-55.el9_7.2" - } + "cpe:2.3:a:systemd:systemd:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd:252-55.el9_7.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/systemd@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5159,8 +5241,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ @@ -5235,8 +5317,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00041, - "percentile": 0.12236, - "date": "2026-01-21" + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ @@ -5274,9 +5356,9 @@ } ], "artifact": { - "id": "7126adbff2843171", - "name": "systemd-rpm-macros", - "version": "252-55.el9_7.2", + "id": "c4152df82a1db41b", + "name": "systemd-libs", + "version": "252-55.el9_7.2", "type": "rpm", "locations": [ { @@ -5290,23 +5372,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and MIT and GPLv2+" + "LGPLv2+ and MIT" ], "cpes": [ - "cpe:2.3:a:systemd-rpm-macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-rpm-macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm_macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm_macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd-rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd_rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:systemd:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_libs:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-libs:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_libs:252-55.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.2?arch=noarch&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/systemd-libs@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", "upstreams": [ { "name": "systemd", @@ -5322,94 +5400,122 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019765 + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5417,21 +5523,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "systemd", + "version": "252-55.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "ead60bdbac583ffe", + "name": "systemd-pam", + "version": "252-55.el9_7.2", "type": "rpm", "locations": [ { @@ -5445,14 +5554,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and MIT and GPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd-pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_pam:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-pam:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_pam:252-55.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-pam@252-55.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5462,94 +5582,280 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-4598", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-4598", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:252-55.el9_7.7" + ], + "state": "fixed", + "available": [ + { + "version": "0:252-55.el9_7.7", + "date": "2025-12-04", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.019764999999999998 + "advisories": [ + { + "id": "RHSA-2025:22660", + "link": "https://access.redhat.com/errata/RHSA-2025:22660" + } + ], + "risk": 0.019885 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-4598", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://access.redhat.com/errata/RHSA-2025:22660", + "https://access.redhat.com/errata/RHSA-2025:22868", + "https://access.redhat.com/errata/RHSA-2025:23227", + "https://access.redhat.com/errata/RHSA-2025:23234", + "https://access.redhat.com/errata/RHSA-2026:0414", + "https://access.redhat.com/security/cve/CVE-2025-4598", + "https://bugzilla.redhat.com/show_bug.cgi?id=2369242", + "https://www.openwall.com/lists/oss-security/2025/05/29/3", + "http://seclists.org/fulldisclosure/2025/Jun/9", + "http://www.openwall.com/lists/oss-security/2025/06/05/1", + "http://www.openwall.com/lists/oss-security/2025/06/05/3", + "http://www.openwall.com/lists/oss-security/2025/08/18/3", + "https://blogs.oracle.com/linux/post/analysis-of-cve-2025-4598", + "https://ciq.com/blog/the-real-danger-of-systemd-coredump-cve-2025-4598/", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00022.html", + "https://www.openwall.com/lists/oss-security/2025/08/18/3" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2025-4598", + "epss": 0.00041, + "percentile": 0.12252, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", + "cve": "CVE-2025-4598", + "cwe": "CWE-364", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "systemd", + "version": "252-55.el9_7.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-4598", + "versionConstraint": "< 0:252-55.el9_7.7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:252-55.el9_7.7" + } + } + ], + "artifact": { + "id": "7126adbff2843171", + "name": "systemd-rpm-macros", + "version": "252-55.el9_7.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+ and MIT and GPLv2+" + ], + "cpes": [ + "cpe:2.3:a:systemd-rpm-macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm-macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm_macros:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd-rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd_rpm:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:systemd:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd-rpm-macros:252-55.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:systemd_rpm_macros:252-55.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/systemd-rpm-macros@252-55.el9_7.2?arch=noarch&distro=rhel-9.7&upstream=systemd-252-55.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "systemd", + "version": "252-55.el9_7.2" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019765 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + ], + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5563,7 +5869,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -5602,20 +5908,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 3.7, + "exploitabilityScore": 2.3, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5623,17 +5929,17 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -5642,49 +5948,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.019764999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5692,7 +5995,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5700,21 +6003,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -5731,22 +6034,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5779,8 +6071,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ @@ -5830,8 +6122,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ @@ -5866,9 +6158,9 @@ } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -5885,16 +6177,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { "name": "curl", @@ -5910,291 +6202,36 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0147 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.12.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "da8fb8ec75f41cac", - "name": "fluent-bit", - "version": "25.12.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.12.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014399999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" - ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-5915", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -6205,62 +6242,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -6270,7 +6292,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6278,21 +6300,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -6306,14 +6328,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6345,9 +6378,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6377,7 +6410,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -6387,6 +6420,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -6410,9 +6445,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -6483,39 +6518,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "No description is available for this CVE.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -6523,47 +6558,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -6578,21 +6627,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -6606,13 +6655,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6623,130 +6672,109 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -6763,24 +6791,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6794,13 +6819,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6811,17 +6836,112 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.013649999999999999 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "da8fb8ec75f41cac", + "name": "fluent-bit", + "version": "25.12.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { "baseScore": 3.7, "exploitabilityScore": 2.3, @@ -6832,16 +6952,16 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Primary" } @@ -6851,25 +6971,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.013064999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { "baseScore": 3.7, "exploitabilityScore": 2.3, @@ -6880,16 +7000,16 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Primary" } @@ -6912,7 +7032,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } @@ -6951,100 +7071,132 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.010620000000000001 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7059,184 +7211,86 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0105 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.12.1" - } + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "da8fb8ec75f41cac", - "name": "fluent-bit", - "version": "25.12.1", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7245,52 +7299,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00945 + "risk": 0.01072 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7306,21 +7354,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -7334,13 +7382,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7351,38 +7399,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -7391,60 +7445,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -7460,21 +7507,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -7488,13 +7535,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7505,184 +7552,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.12.1" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "da8fb8ec75f41cac", + "name": "fluent-bit", + "version": "25.12.1", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:459526885e59156ca8f5587a59e78d87e0a6c365cd29c17b7eb4e8d3c5d85017", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.12.1:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.12.1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -7690,54 +7693,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7745,21 +7754,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7773,19 +7782,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7795,39 +7799,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7835,54 +7839,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7890,21 +7908,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7918,19 +7936,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7963,8 +7976,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7972,7 +7985,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7996,7 +8009,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -8011,8 +8024,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -8020,7 +8033,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8047,8 +8060,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "31d143a38566e735", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8066,10 +8079,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8108,8 +8121,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -8117,7 +8130,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8141,7 +8154,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -8156,8 +8169,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -8165,7 +8178,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8192,8 +8205,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "1bd147c6291221f2", + "name": "libfdisk", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8208,13 +8221,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8253,8 +8266,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -8262,7 +8275,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8286,7 +8299,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -8301,8 +8314,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -8310,14 +8323,14 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8326,7 +8339,7 @@ }, "package": { "name": "util-linux", - "version": "0:2.37.4-21.el9" + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -8337,8 +8350,8 @@ } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8353,20 +8366,19 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8399,8 +8411,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -8408,7 +8420,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8432,7 +8444,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -8447,8 +8459,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -8456,7 +8468,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8483,8 +8495,8 @@ } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -8499,23 +8511,13 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -8531,38 +8533,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8575,43 +8577,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8619,7 +8620,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8627,21 +8628,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8655,14 +8656,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8672,38 +8678,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], - "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8716,43 +8722,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8760,7 +8765,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8768,21 +8773,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8796,25 +8801,20 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8824,38 +8824,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8868,43 +8868,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8920,21 +8919,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8948,27 +8947,27 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8980,44 +8979,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9026,68 +9019,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" + } + ], + "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9103,21 +9075,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9131,13 +9103,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9148,38 +9120,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9188,51 +9160,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9240,7 +9208,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9248,21 +9216,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9276,55 +9244,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -9333,51 +9312,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -9393,21 +9368,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -9421,66 +9396,76 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -9489,52 +9474,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9542,7 +9543,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9550,21 +9551,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9581,22 +9582,11 @@ "GPLv3+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9606,38 +9596,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9646,33 +9636,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9688,21 +9696,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9716,55 +9724,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9773,33 +9781,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9815,21 +9841,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9843,66 +9869,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9911,33 +9937,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9953,21 +9998,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9981,27 +10026,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -10036,8 +10077,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10045,7 +10086,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -10098,8 +10139,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -10107,7 +10148,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -10190,8 +10231,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10251,8 +10292,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -10343,8 +10384,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10411,8 +10452,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -10520,8 +10561,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -10586,8 +10627,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -10684,8 +10725,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10746,8 +10787,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10838,8 +10879,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10899,8 +10940,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10991,8 +11032,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00014, - "percentile": 0.02049, - "date": "2026-01-21" + "percentile": 0.02057, + "date": "2026-01-26" } ], "cwes": [ @@ -11051,8 +11092,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00014, - "percentile": 0.02049, - "date": "2026-01-21" + "percentile": 0.02057, + "date": "2026-01-26" } ], "cwes": [ @@ -11143,8 +11184,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11184,8 +11225,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11279,8 +11320,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -11320,8 +11361,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -11415,8 +11456,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11476,8 +11517,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -11543,6 +11584,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11762,7 +11931,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -11876,6 +12045,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -11925,91 +12104,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.12.1.md b/docs/security/agent/grype-25.12.1.md index 5998f24..7ac4973 100644 --- a/docs/security/agent/grype-25.12.1.md +++ b/docs/security/agent/grype-25.12.1.md @@ -18,8 +18,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | systemd-rpm-macros | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.12.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| fluent-bit | 25.12.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.12.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -52,13 +52,16 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -72,13 +75,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.2.json b/docs/security/agent/grype-25.12.2.json index 7597d66..56d6e77 100644 --- a/docs/security/agent/grype-25.12.2.json +++ b/docs/security/agent/grype-25.12.2.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -34,7 +34,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -46,7 +46,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -113,7 +113,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -125,7 +125,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -208,8 +208,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -253,8 +253,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -348,8 +348,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -393,8 +393,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -488,8 +488,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -554,8 +554,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -657,8 +657,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -723,8 +723,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -826,8 +826,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -882,8 +882,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -974,8 +974,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -983,7 +983,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1007,7 +1007,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1022,8 +1022,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1031,7 +1031,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1114,8 +1114,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1185,8 +1185,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1288,8 +1288,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1359,8 +1359,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1462,8 +1462,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1511,8 +1511,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1603,8 +1603,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1652,8 +1652,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1755,8 +1755,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1895,8 +1895,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -1962,8 +1962,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2060,8 +2060,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2135,8 +2135,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2233,8 +2233,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2294,8 +2294,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2391,8 +2391,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2452,8 +2452,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2549,8 +2549,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2645,8 +2645,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2749,8 +2749,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2808,8 +2808,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2900,8 +2900,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2959,8 +2959,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3039,39 +3039,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3079,47 +3079,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034499999999999996 + "risk": 0.03618 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3140,7 +3141,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } @@ -3179,20 +3180,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3200,18 +3201,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3219,25 +3220,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3250,18 +3249,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -3276,21 +3275,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3304,13 +3303,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3321,39 +3320,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3361,48 +3360,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3417,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -3445,13 +3445,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3485,8 +3485,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3533,8 +3533,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3625,8 +3625,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3673,8 +3673,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3776,8 +3776,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -3818,8 +3818,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -3902,8 +3902,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -3945,8 +3945,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4040,8 +4040,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4083,8 +4083,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4155,36 +4155,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4195,25 +4195,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4224,15 +4224,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4256,7 +4256,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4295,36 +4295,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4335,25 +4335,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4364,15 +4364,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4396,7 +4396,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4446,36 +4446,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4486,25 +4486,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4515,15 +4515,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4547,7 +4547,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4601,20 +4601,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4622,18 +4622,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4641,47 +4641,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4696,21 +4696,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4724,13 +4724,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4741,20 +4741,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4762,18 +4762,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4781,54 +4781,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4836,23 +4836,23 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", - "type": "rpm", - "locations": [ + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", @@ -4864,14 +4864,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4881,17 +4892,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4902,18 +4913,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4921,28 +4932,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4953,18 +4961,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4979,21 +4987,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5007,23 +5015,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5035,20 +5047,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5056,17 +5068,17 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -5075,49 +5087,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5125,7 +5134,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5133,21 +5142,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -5164,22 +5173,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5189,196 +5187,87 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019764999999999998 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.12.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "2c6970bb425bdccc", - "name": "fluent-bit", - "version": "25.12.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.12.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014399999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5393,21 +5282,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -5421,13 +5310,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5438,42 +5327,36 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5484,62 +5367,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5549,7 +5417,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5557,21 +5425,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -5585,16 +5453,181 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { "epoch": null, "modularityLabel": "" } @@ -5624,9 +5657,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5656,7 +5689,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -5666,6 +5699,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -5689,9 +5724,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5762,39 +5797,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "No description is available for this CVE.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5802,47 +5837,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5857,21 +5906,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5885,13 +5934,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5902,130 +5951,109 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", - "namespace": "redhat:distro:redhat:9", - "severity": "High", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -6042,24 +6070,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6073,13 +6098,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6090,17 +6115,112 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.013649999999999999 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "2c6970bb425bdccc", + "name": "fluent-bit", + "version": "25.12.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { "baseScore": 3.7, "exploitabilityScore": 2.3, @@ -6111,16 +6231,16 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Primary" } @@ -6130,25 +6250,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.013064999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { "baseScore": 3.7, "exploitabilityScore": 2.3, @@ -6159,16 +6279,16 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Primary" } @@ -6191,7 +6311,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } @@ -6230,100 +6350,132 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.010620000000000001 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6338,184 +6490,86 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0105 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.12.2" - } + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "2c6970bb425bdccc", - "name": "fluent-bit", - "version": "25.12.2", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -6524,52 +6578,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00945 + "risk": 0.01072 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6585,21 +6633,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6613,13 +6661,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6630,38 +6678,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -6670,60 +6724,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -6739,21 +6786,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -6767,13 +6814,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6784,184 +6831,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.12.2" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "2c6970bb425bdccc", + "name": "fluent-bit", + "version": "25.12.2", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.12.2", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6969,54 +6972,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7024,21 +7033,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7052,19 +7061,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7074,39 +7078,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7114,54 +7118,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7169,21 +7187,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7197,19 +7215,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7242,8 +7255,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7251,7 +7264,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7275,7 +7288,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7290,8 +7303,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7299,7 +7312,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7326,8 +7339,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "31d143a38566e735", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7345,10 +7358,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7387,8 +7400,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7396,7 +7409,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7420,7 +7433,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7435,8 +7448,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7444,7 +7457,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7471,8 +7484,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "1bd147c6291221f2", + "name": "libfdisk", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7487,13 +7500,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7532,8 +7545,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7541,7 +7554,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7565,7 +7578,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7580,8 +7593,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7589,14 +7602,14 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7605,7 +7618,7 @@ }, "package": { "name": "util-linux", - "version": "0:2.37.4-21.el9" + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -7616,8 +7629,8 @@ } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7632,20 +7645,19 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7678,8 +7690,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7687,7 +7699,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7711,7 +7723,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7726,8 +7738,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7735,7 +7747,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7762,8 +7774,8 @@ } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7778,23 +7790,13 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7810,38 +7812,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7854,43 +7856,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7898,7 +7899,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7906,21 +7907,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7934,14 +7935,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7951,38 +7957,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], - "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7995,43 +8001,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8039,7 +8044,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8047,21 +8052,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8075,25 +8080,20 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8103,38 +8103,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8147,43 +8147,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8199,21 +8198,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8227,27 +8226,27 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8259,44 +8258,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8305,68 +8298,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" + } + ], + "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8382,21 +8354,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8410,13 +8382,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8427,38 +8399,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8467,51 +8439,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8519,7 +8487,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8527,21 +8495,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8555,55 +8523,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8612,51 +8591,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8672,21 +8647,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8700,66 +8675,76 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -8768,52 +8753,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8821,7 +8822,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8829,21 +8830,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8860,22 +8861,11 @@ "GPLv3+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8885,38 +8875,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -8925,33 +8915,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8967,21 +8975,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8995,55 +9003,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9052,33 +9060,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9094,21 +9120,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9122,66 +9148,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9190,33 +9216,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9232,21 +9277,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9260,27 +9305,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -9315,8 +9356,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9324,7 +9365,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -9377,8 +9418,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9386,7 +9427,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -9469,8 +9510,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9530,8 +9571,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9622,8 +9663,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9690,8 +9731,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9799,8 +9840,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9865,8 +9906,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9963,8 +10004,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10025,8 +10066,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10117,8 +10158,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10178,8 +10219,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10270,8 +10311,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00014, - "percentile": 0.02049, - "date": "2026-01-21" + "percentile": 0.02057, + "date": "2026-01-26" } ], "cwes": [ @@ -10330,8 +10371,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00014, - "percentile": 0.02049, - "date": "2026-01-21" + "percentile": 0.02057, + "date": "2026-01-26" } ], "cwes": [ @@ -10422,8 +10463,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10463,8 +10504,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10558,8 +10599,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10599,8 +10640,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10694,8 +10735,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10755,8 +10796,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10822,6 +10863,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11041,7 +11210,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -11155,6 +11324,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -11204,91 +11383,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.12.2.md b/docs/security/agent/grype-25.12.2.md index 2e0cbe9..90b02a1 100644 --- a/docs/security/agent/grype-25.12.2.md +++ b/docs/security/agent/grype-25.12.2.md @@ -14,8 +14,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.12.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| fluent-bit | 25.12.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.12.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -48,13 +48,16 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -68,13 +71,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.3.json b/docs/security/agent/grype-25.12.3.json index d070592..0b71fdd 100644 --- a/docs/security/agent/grype-25.12.3.json +++ b/docs/security/agent/grype-25.12.3.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -34,7 +34,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -46,7 +46,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -113,7 +113,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -125,7 +125,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -208,8 +208,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -253,8 +253,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -348,8 +348,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -393,8 +393,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -488,8 +488,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -554,8 +554,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -657,8 +657,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -723,8 +723,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -826,8 +826,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -882,8 +882,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -974,8 +974,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -983,7 +983,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1007,7 +1007,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1022,8 +1022,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1031,7 +1031,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1114,8 +1114,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1185,8 +1185,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1288,8 +1288,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1359,8 +1359,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1462,8 +1462,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1511,8 +1511,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1603,8 +1603,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1652,8 +1652,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1755,8 +1755,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1895,8 +1895,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -1962,8 +1962,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2060,8 +2060,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2135,8 +2135,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2233,8 +2233,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2294,8 +2294,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2391,8 +2391,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2452,8 +2452,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2549,8 +2549,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2645,8 +2645,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2749,8 +2749,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2808,8 +2808,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2900,8 +2900,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2959,8 +2959,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3039,39 +3039,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3079,47 +3079,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034499999999999996 + "risk": 0.03618 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3140,7 +3141,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } @@ -3179,20 +3180,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3200,18 +3201,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3219,25 +3220,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3250,18 +3249,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -3276,21 +3275,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3304,13 +3303,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3321,39 +3320,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3361,48 +3360,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3417,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -3445,13 +3445,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3485,8 +3485,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3533,8 +3533,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3625,8 +3625,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3673,8 +3673,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3776,8 +3776,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -3818,8 +3818,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -3902,8 +3902,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -3945,8 +3945,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4040,8 +4040,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4083,8 +4083,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4155,36 +4155,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4195,25 +4195,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4224,15 +4224,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4256,7 +4256,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4295,36 +4295,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4335,25 +4335,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4364,15 +4364,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4396,7 +4396,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4446,36 +4446,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4486,25 +4486,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4515,15 +4515,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4547,7 +4547,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4601,20 +4601,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4622,18 +4622,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4641,47 +4641,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4696,21 +4696,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4724,13 +4724,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4741,20 +4741,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4762,18 +4762,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4781,54 +4781,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4836,23 +4836,23 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", - "type": "rpm", - "locations": [ + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", @@ -4864,14 +4864,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4881,17 +4892,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4902,18 +4913,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4921,28 +4932,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4953,18 +4961,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4979,21 +4987,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5007,23 +5015,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5035,20 +5047,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5056,17 +5068,17 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -5075,49 +5087,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5125,7 +5134,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5133,21 +5142,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -5164,22 +5173,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5189,196 +5187,87 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019764999999999998 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.12.3" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c4aab225b8ee48d6", - "name": "fluent-bit", - "version": "25.12.3", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.12.3", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014399999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5393,21 +5282,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -5421,13 +5310,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5438,42 +5327,36 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5484,62 +5367,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5549,7 +5417,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5557,21 +5425,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -5585,16 +5453,181 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { "epoch": null, "modularityLabel": "" } @@ -5624,9 +5657,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5656,7 +5689,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -5666,6 +5699,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -5689,9 +5724,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5762,39 +5797,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "No description is available for this CVE.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5802,47 +5837,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5857,21 +5906,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5885,13 +5934,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5902,130 +5951,109 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", - "namespace": "redhat:distro:redhat:9", - "severity": "High", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -6042,24 +6070,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6073,13 +6098,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6090,17 +6115,112 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.013649999999999999 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c4aab225b8ee48d6", + "name": "fluent-bit", + "version": "25.12.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { "baseScore": 3.7, "exploitabilityScore": 2.3, @@ -6111,16 +6231,16 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Primary" } @@ -6130,25 +6250,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.013064999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { "baseScore": 3.7, "exploitabilityScore": 2.3, @@ -6159,16 +6279,16 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Primary" } @@ -6191,7 +6311,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } @@ -6230,100 +6350,132 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.010620000000000001 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6338,184 +6490,86 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0105 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.12.3" - } + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "c4aab225b8ee48d6", - "name": "fluent-bit", - "version": "25.12.3", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -6524,52 +6578,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00945 + "risk": 0.01072 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6585,21 +6633,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6613,13 +6661,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6630,38 +6678,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -6670,60 +6724,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -6739,21 +6786,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -6767,13 +6814,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6784,184 +6831,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.12.3" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "c4aab225b8ee48d6", + "name": "fluent-bit", + "version": "25.12.3", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.12.3", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6969,54 +6972,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7024,21 +7033,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7052,19 +7061,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7074,39 +7078,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7114,54 +7118,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7169,21 +7187,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7197,19 +7215,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7242,8 +7255,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7251,7 +7264,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7275,7 +7288,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7290,8 +7303,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7299,7 +7312,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7326,8 +7339,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "31d143a38566e735", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7345,10 +7358,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7387,8 +7400,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7396,7 +7409,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7420,7 +7433,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7435,8 +7448,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7444,7 +7457,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7471,8 +7484,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "1bd147c6291221f2", + "name": "libfdisk", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7487,13 +7500,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7532,8 +7545,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7541,7 +7554,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7565,7 +7578,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7580,8 +7593,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7589,14 +7602,14 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7605,7 +7618,7 @@ }, "package": { "name": "util-linux", - "version": "0:2.37.4-21.el9" + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -7616,8 +7629,8 @@ } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7632,20 +7645,19 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7678,8 +7690,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7687,7 +7699,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7711,7 +7723,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7726,8 +7738,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7735,7 +7747,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7762,8 +7774,8 @@ } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7778,23 +7790,13 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7810,38 +7812,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7854,43 +7856,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7898,7 +7899,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7906,21 +7907,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7934,14 +7935,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7951,38 +7957,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], - "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7995,43 +8001,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8039,7 +8044,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8047,21 +8052,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8075,25 +8080,20 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8103,38 +8103,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8147,43 +8147,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8199,21 +8198,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8227,27 +8226,27 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8259,44 +8258,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8305,68 +8298,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" + } + ], + "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8382,21 +8354,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8410,13 +8382,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8427,38 +8399,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8467,51 +8439,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8519,7 +8487,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8527,21 +8495,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8555,55 +8523,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8612,51 +8591,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8672,21 +8647,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8700,66 +8675,76 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -8768,52 +8753,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8821,7 +8822,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8829,21 +8830,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8860,22 +8861,11 @@ "GPLv3+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8885,38 +8875,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -8925,33 +8915,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8967,21 +8975,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8995,55 +9003,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9052,33 +9060,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9094,21 +9120,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9122,66 +9148,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9190,33 +9216,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9232,21 +9277,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9260,27 +9305,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -9315,8 +9356,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9324,7 +9365,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -9377,8 +9418,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9386,7 +9427,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -9469,8 +9510,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9530,8 +9571,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9622,8 +9663,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9690,8 +9731,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9799,8 +9840,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9865,8 +9906,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9963,8 +10004,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10025,8 +10066,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10117,8 +10158,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10178,8 +10219,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10270,8 +10311,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00014, - "percentile": 0.02049, - "date": "2026-01-21" + "percentile": 0.02057, + "date": "2026-01-26" } ], "cwes": [ @@ -10330,8 +10371,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00014, - "percentile": 0.02049, - "date": "2026-01-21" + "percentile": 0.02057, + "date": "2026-01-26" } ], "cwes": [ @@ -10422,8 +10463,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10463,8 +10504,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10558,8 +10599,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10599,8 +10640,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10694,8 +10735,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10755,8 +10796,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10822,6 +10863,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11041,7 +11210,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -11155,6 +11324,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -11204,91 +11383,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.12.3.md b/docs/security/agent/grype-25.12.3.md index 9283e3d..639bc57 100644 --- a/docs/security/agent/grype-25.12.3.md +++ b/docs/security/agent/grype-25.12.3.md @@ -14,8 +14,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.12.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| fluent-bit | 25.12.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.12.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -48,13 +48,16 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -68,13 +71,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.4.json b/docs/security/agent/grype-25.12.4.json index 23f5ff1..d32c29c 100644 --- a/docs/security/agent/grype-25.12.4.json +++ b/docs/security/agent/grype-25.12.4.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -34,7 +34,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -46,7 +46,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -113,7 +113,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -125,7 +125,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -208,8 +208,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -253,8 +253,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -348,8 +348,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -393,8 +393,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -488,8 +488,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -554,8 +554,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -657,8 +657,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -723,8 +723,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -826,8 +826,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -882,8 +882,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -974,8 +974,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -983,7 +983,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1007,7 +1007,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1022,8 +1022,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1031,7 +1031,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1114,8 +1114,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1185,8 +1185,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1288,8 +1288,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1359,8 +1359,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1462,8 +1462,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1511,8 +1511,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1603,8 +1603,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1652,8 +1652,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1755,8 +1755,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1895,8 +1895,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -1962,8 +1962,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2060,8 +2060,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2135,8 +2135,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2233,8 +2233,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2294,8 +2294,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2391,8 +2391,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2452,8 +2452,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2549,8 +2549,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2645,8 +2645,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2749,8 +2749,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2808,8 +2808,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2900,8 +2900,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2959,8 +2959,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3039,39 +3039,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3079,47 +3079,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034499999999999996 + "risk": 0.03618 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3140,7 +3141,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } @@ -3179,20 +3180,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3200,18 +3201,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3219,25 +3220,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3250,18 +3249,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -3276,21 +3275,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3304,13 +3303,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3321,39 +3320,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3361,48 +3360,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3417,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -3445,13 +3445,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3485,8 +3485,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3533,8 +3533,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3625,8 +3625,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3673,8 +3673,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3776,8 +3776,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -3818,8 +3818,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -3902,8 +3902,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -3945,8 +3945,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4040,8 +4040,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4083,8 +4083,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4155,36 +4155,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4195,25 +4195,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4224,15 +4224,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4256,7 +4256,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4295,36 +4295,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4335,25 +4335,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4364,15 +4364,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4396,7 +4396,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4446,36 +4446,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4486,25 +4486,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4515,15 +4515,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4547,7 +4547,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4601,20 +4601,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4622,18 +4622,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4641,47 +4641,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4696,21 +4696,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4724,13 +4724,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4741,20 +4741,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4762,18 +4762,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4781,54 +4781,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4836,23 +4836,23 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", - "type": "rpm", - "locations": [ + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", @@ -4864,14 +4864,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4881,17 +4892,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4902,18 +4913,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4921,28 +4932,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4953,18 +4961,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4979,21 +4987,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5007,23 +5015,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5035,20 +5047,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5056,17 +5068,17 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -5075,49 +5087,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5125,7 +5134,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5133,21 +5142,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -5164,22 +5173,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5189,196 +5187,87 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019764999999999998 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.12.4" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "a747661bde11c949", - "name": "fluent-bit", - "version": "25.12.4", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.12.4", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014399999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5393,21 +5282,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -5421,13 +5310,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5438,42 +5327,36 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5484,62 +5367,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5549,7 +5417,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5557,21 +5425,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -5585,16 +5453,181 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { "epoch": null, "modularityLabel": "" } @@ -5624,9 +5657,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5656,7 +5689,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -5666,6 +5699,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -5689,9 +5724,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5762,39 +5797,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "No description is available for this CVE.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5802,47 +5837,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5857,21 +5906,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5885,13 +5934,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5902,130 +5951,109 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", - "namespace": "redhat:distro:redhat:9", - "severity": "High", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -6042,24 +6070,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6073,13 +6098,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6090,17 +6115,112 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.013649999999999999 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.12.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "a747661bde11c949", + "name": "fluent-bit", + "version": "25.12.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.12.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { "baseScore": 3.7, "exploitabilityScore": 2.3, @@ -6111,16 +6231,16 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Primary" } @@ -6130,25 +6250,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.013064999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { "baseScore": 3.7, "exploitabilityScore": 2.3, @@ -6159,16 +6279,16 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Primary" } @@ -6191,7 +6311,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } @@ -6230,100 +6350,132 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.010620000000000001 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6338,184 +6490,86 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0105 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.12.4" - } + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "a747661bde11c949", - "name": "fluent-bit", - "version": "25.12.4", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.12.4", - "upstreams": [] + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -6524,52 +6578,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00945 + "risk": 0.01072 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6585,21 +6633,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6613,13 +6661,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6630,38 +6678,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -6670,60 +6724,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -6739,21 +6786,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -6767,13 +6814,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6784,184 +6831,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.12.4" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "a747661bde11c949", + "name": "fluent-bit", + "version": "25.12.4", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.12.4", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6969,54 +6972,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7024,21 +7033,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7052,19 +7061,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7074,39 +7078,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7114,54 +7118,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7169,21 +7187,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7197,19 +7215,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7242,8 +7255,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7251,7 +7264,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7275,7 +7288,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7290,8 +7303,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7299,7 +7312,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7326,8 +7339,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "31d143a38566e735", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7345,10 +7358,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7387,8 +7400,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7396,7 +7409,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7420,7 +7433,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7435,8 +7448,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7444,7 +7457,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7471,8 +7484,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "1bd147c6291221f2", + "name": "libfdisk", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7487,13 +7500,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7532,8 +7545,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7541,7 +7554,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7565,7 +7578,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7580,8 +7593,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7589,14 +7602,14 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7605,7 +7618,7 @@ }, "package": { "name": "util-linux", - "version": "0:2.37.4-21.el9" + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -7616,8 +7629,8 @@ } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7632,20 +7645,19 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7678,8 +7690,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7687,7 +7699,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7711,7 +7723,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7726,8 +7738,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7735,7 +7747,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7762,8 +7774,8 @@ } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7778,23 +7790,13 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7810,38 +7812,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7854,43 +7856,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7898,7 +7899,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7906,21 +7907,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7934,14 +7935,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7951,38 +7957,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], - "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7995,43 +8001,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8039,7 +8044,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8047,21 +8052,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8075,25 +8080,20 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8103,38 +8103,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8147,43 +8147,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8199,21 +8198,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8227,27 +8226,27 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8259,44 +8258,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8305,68 +8298,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" + } + ], + "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8382,21 +8354,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8410,13 +8382,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8427,38 +8399,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8467,51 +8439,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8519,7 +8487,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8527,21 +8495,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8555,55 +8523,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8612,51 +8591,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8672,21 +8647,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8700,66 +8675,76 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -8768,52 +8753,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8821,7 +8822,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8829,21 +8830,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8860,22 +8861,11 @@ "GPLv3+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8885,38 +8875,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -8925,33 +8915,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8967,21 +8975,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8995,55 +9003,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9052,33 +9060,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9094,21 +9120,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9122,66 +9148,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9190,33 +9216,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9232,21 +9277,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9260,27 +9305,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -9315,8 +9356,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9324,7 +9365,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -9377,8 +9418,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9386,7 +9427,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -9469,8 +9510,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9530,8 +9571,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9622,8 +9663,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9690,8 +9731,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9799,8 +9840,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9865,8 +9906,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9963,8 +10004,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10025,8 +10066,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10117,8 +10158,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10178,8 +10219,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10270,8 +10311,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00014, - "percentile": 0.02049, - "date": "2026-01-21" + "percentile": 0.02057, + "date": "2026-01-26" } ], "cwes": [ @@ -10330,8 +10371,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00014, - "percentile": 0.02049, - "date": "2026-01-21" + "percentile": 0.02057, + "date": "2026-01-26" } ], "cwes": [ @@ -10422,8 +10463,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10463,8 +10504,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10558,8 +10599,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10599,8 +10640,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10694,8 +10735,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10755,8 +10796,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10822,6 +10863,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11041,7 +11210,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -11155,6 +11324,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -11204,91 +11383,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-25.12.4.md b/docs/security/agent/grype-25.12.4.md index 19bbfd4..8bb2d83 100644 --- a/docs/security/agent/grype-25.12.4.md +++ b/docs/security/agent/grype-25.12.4.md @@ -14,8 +14,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 25.12.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| fluent-bit | 25.12.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 25.12.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -48,13 +48,16 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -68,13 +71,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-26.1.1.json b/docs/security/agent/grype-26.1.1.json index a2a438f..9cb737a 100644 --- a/docs/security/agent/grype-26.1.1.json +++ b/docs/security/agent/grype-26.1.1.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -34,7 +34,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -46,7 +46,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -113,7 +113,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -125,7 +125,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -208,8 +208,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -253,8 +253,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -348,8 +348,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ], "fix": { @@ -393,8 +393,8 @@ { "cve": "CVE-2024-11053", "epss": 0.01034, - "percentile": 0.76901, - "date": "2026-01-21" + "percentile": 0.76934, + "date": "2026-01-26" } ] } @@ -488,8 +488,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -554,8 +554,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -657,8 +657,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -723,8 +723,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00924, - "percentile": 0.75534, - "date": "2026-01-21" + "percentile": 0.75555, + "date": "2026-01-26" } ], "cwes": [ @@ -826,8 +826,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -882,8 +882,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74344, - "date": "2026-01-21" + "percentile": 0.74369, + "date": "2026-01-26" } ], "cwes": [ @@ -974,8 +974,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -983,7 +983,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -1007,7 +1007,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { @@ -1022,8 +1022,8 @@ { "cve": "CVE-2025-14087", "epss": 0.00422, - "percentile": 0.61536, - "date": "2026-01-21" + "percentile": 0.61533, + "date": "2026-01-26" } ], "cwes": [ @@ -1031,7 +1031,7 @@ "cve": "CVE-2025-14087", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -1114,8 +1114,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1185,8 +1185,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1288,8 +1288,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1359,8 +1359,8 @@ { "cve": "CVE-2024-9681", "epss": 0.0058, - "percentile": 0.68294, - "date": "2026-01-21" + "percentile": 0.68306, + "date": "2026-01-26" } ], "cwes": [ @@ -1462,8 +1462,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1511,8 +1511,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1603,8 +1603,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1652,8 +1652,8 @@ { "cve": "CVE-2024-41996", "epss": 0.00434, - "percentile": 0.62298, - "date": "2026-01-21" + "percentile": 0.62301, + "date": "2026-01-26" } ], "cwes": [ @@ -1755,8 +1755,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1803,8 +1803,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00179, - "percentile": 0.39689, - "date": "2026-01-21" + "percentile": 0.39644, + "date": "2026-01-26" } ], "cwes": [ @@ -1895,8 +1895,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -1962,8 +1962,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39656, - "date": "2026-01-21" + "percentile": 0.39609, + "date": "2026-01-26" } ], "cwes": [ @@ -2060,8 +2060,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2135,8 +2135,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44097, - "date": "2026-01-21" + "percentile": 0.44061, + "date": "2026-01-26" } ], "cwes": [ @@ -2233,8 +2233,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2294,8 +2294,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2391,8 +2391,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2452,8 +2452,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -2549,8 +2549,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2645,8 +2645,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41926, - "date": "2026-01-21" + "percentile": 0.41901, + "date": "2026-01-26" } ], "cwes": [ @@ -2749,8 +2749,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2808,8 +2808,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2900,8 +2900,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -2959,8 +2959,8 @@ { "cve": "CVE-2024-13176", "epss": 0.00123, - "percentile": 0.32075, - "date": "2026-01-21" + "percentile": 0.31967, + "date": "2026-01-26" } ], "cwes": [ @@ -3039,39 +3039,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3079,47 +3079,48 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.034499999999999996 + "risk": 0.03618 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-3360", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://access.redhat.com/security/cve/CVE-2025-3360", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.0006, - "percentile": 0.18916, - "date": "2026-01-21" + "cve": "CVE-2025-3360", + "epss": 0.00108, + "percentile": 0.29504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14512", + "cve": "CVE-2025-3360", "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -3140,7 +3141,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", + "vulnerabilityID": "CVE-2025-3360", "versionConstraint": "none (unknown)" } } @@ -3179,20 +3180,20 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3200,18 +3201,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { @@ -3219,25 +3220,23 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.034499999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -3250,18 +3249,18 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.2304, - "date": "2026-01-21" + "cve": "CVE-2025-14512", + "epss": 0.0006, + "percentile": 0.1881, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -3276,21 +3275,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-45322", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3304,13 +3303,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3321,39 +3320,39 @@ }, { "vulnerability": { - "id": "CVE-2025-3360", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3361,48 +3360,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.033499999999999995 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-3360", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-3360", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-3360", - "https://bugzilla.redhat.com/show_bug.cgi?id=2357754", - "https://lists.debian.org/debian-lts-announce/2025/04/msg00024.html" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-3360", - "epss": 0.001, - "percentile": 0.28232, - "date": "2026-01-21" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22939, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-3360", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3417,21 +3417,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-3360", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -3445,13 +3445,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3485,8 +3485,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3533,8 +3533,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3625,8 +3625,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3673,8 +3673,8 @@ { "cve": "CVE-2022-41409", "epss": 0.00079, - "percentile": 0.23777, - "date": "2026-01-21" + "percentile": 0.23676, + "date": "2026-01-26" } ], "cwes": [ @@ -3776,8 +3776,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -3818,8 +3818,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -3902,8 +3902,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -3945,8 +3945,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4040,8 +4040,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ], "fix": { @@ -4083,8 +4083,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15947, - "date": "2026-01-21" + "percentile": 0.15816, + "date": "2026-01-26" } ] } @@ -4155,36 +4155,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4195,25 +4195,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4224,15 +4224,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4256,7 +4256,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4295,36 +4295,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4335,25 +4335,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4364,15 +4364,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4396,7 +4396,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4446,36 +4446,36 @@ }, { "vulnerability": { - "id": "CVE-2026-0915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", + "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4486,25 +4486,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.021115000000000002 + "risk": 0.02314 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", - "http://www.openwall.com/lists/oss-security/2026/01/16/6" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4515,15 +4515,15 @@ ], "epss": [ { - "cve": "CVE-2026-0915", - "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0915", + "cve": "CVE-2025-15281", "cwe": "CWE-908", "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" @@ -4547,7 +4547,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0915", + "vulnerabilityID": "CVE-2025-15281", "versionConstraint": "none (unknown)" } } @@ -4601,20 +4601,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4622,18 +4622,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4641,47 +4641,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019765 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00067, - "percentile": 0.20968, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4696,21 +4696,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -4724,13 +4724,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4741,20 +4741,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4762,18 +4762,18 @@ ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4781,54 +4781,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019764999999999998 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.00059, - "percentile": 0.18495, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4836,23 +4836,23 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", - "type": "rpm", - "locations": [ + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", + "type": "rpm", + "locations": [ { "path": "/var/lib/rpm/rpmdb.sqlite", "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", @@ -4864,14 +4864,25 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4881,17 +4892,17 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0915", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in glibc, the GNU C Library. When an application calls the `getnetbyaddr` or `getnetbyaddr_r` functions to resolve a network address, and the system's `nsswitch.conf` file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can lead to the disclosure of stack memory contents. This information is leaked to the configured DNS resolver, potentially allowing an attacker who controls the resolver to gain sensitive data from the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { "baseScore": 5.3, "exploitabilityScore": 3.9, @@ -4902,18 +4913,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { @@ -4921,28 +4932,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.021115000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0915", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33802", + "http://www.openwall.com/lists/oss-security/2026/01/16/6" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -4953,18 +4961,18 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0915", + "epss": 0.00041, + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0915", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -4979,21 +4987,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -5007,23 +5015,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -5035,20 +5047,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9086", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5056,17 +5068,17 @@ ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -5075,49 +5087,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019055 + "risk": 0.019765 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9086", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://curl.se/docs/CVE-2025-9086.html", - "https://curl.se/docs/CVE-2025-9086.json", - "https://hackerone.com/reports/3294999", - "http://www.openwall.com/lists/oss-security/2025/09/10/1", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9086", - "epss": 0.00037, - "percentile": 0.10902, - "date": "2026-01-21" + "cve": "CVE-2026-0992", + "epss": 0.00067, + "percentile": 0.20874, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9086", - "cwe": "CWE-125", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5125,7 +5134,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5133,21 +5142,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9086", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -5164,22 +5173,11 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -5189,196 +5187,87 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.0147 + "risk": 0.019764999999999998 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "26.1.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "6f4d3a571294a37a", - "name": "fluent-bit", - "version": "26.1.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@26.1.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014399999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.0003, - "percentile": 0.08036, - "date": "2026-01-21" + "cve": "CVE-2026-0989", + "epss": 0.00059, + "percentile": 0.18375, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", + "cve": "CVE-2026-0989", + "cwe": "CWE-674", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -5393,21 +5282,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2026-0989", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -5421,13 +5310,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5438,42 +5327,36 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5484,62 +5367,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014105 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00031, - "percentile": 0.08427, - "date": "2026-01-21" + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9086", "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" @@ -5549,7 +5417,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5557,21 +5425,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9086", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -5585,16 +5453,181 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-9086", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9086", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n2. curl is redirected to or otherwise made to speak with `http://target` (same \nhostname, but using clear text HTTP) using the same cookie set \n3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\nSince this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\nboundary\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019055 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9086", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://hackerone.com/reports/3294999", + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html" + ], + "description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-9086", + "epss": 0.00037, + "percentile": 0.10941, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9086", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "curl", + "version": "7.76.1-34.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9086", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "upstreams": [ + { + "name": "curl", + "version": "7.76.1-34.el9" + } + ], + "metadataType": "RpmMetadata", + "metadata": { "epoch": null, "modularityLabel": "" } @@ -5624,9 +5657,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5656,7 +5689,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0936" } ], - "risk": 0.013335000000000001 + "risk": 0.015875 }, "relatedVulnerabilities": [ { @@ -5666,6 +5699,8 @@ "severity": "High", "urls": [ "https://access.redhat.com/errata/RHSA-2026:0936", + "https://access.redhat.com/errata/RHSA-2026:0975", + "https://access.redhat.com/errata/RHSA-2026:0991", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -5689,9 +5724,9 @@ "epss": [ { "cve": "CVE-2025-13601", - "epss": 0.00021, - "percentile": 0.04523, - "date": "2026-01-21" + "epss": 0.00025, + "percentile": 0.05997, + "date": "2026-01-26" } ], "cwes": [ @@ -5762,39 +5797,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "No description is available for this CVE.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5802,47 +5837,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013064999999999998 + "risk": 0.014399999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00039, - "percentile": 0.11433, - "date": "2026-01-21" + "cve": "CVE-2025-5915", + "epss": 0.0003, + "percentile": 0.08092, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5857,21 +5906,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5885,13 +5934,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5902,130 +5951,109 @@ }, { "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", - "namespace": "redhat:distro:redhat:9", - "severity": "High", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 + "advisories": [], + "risk": 0.014105 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.02824, - "date": "2026-01-21" + "cve": "CVE-2023-4156", + "epss": 0.00031, + "percentile": 0.08489, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "nvd@nist.gov", "type": "Primary" } @@ -6042,24 +6070,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2023-4156", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -6073,13 +6098,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6090,17 +6115,112 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29478", + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.013649999999999999 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "26.1.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "6f4d3a571294a37a", + "name": "fluent-bit", + "version": "26.1.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@26.1.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { "baseScore": 3.7, "exploitabilityScore": 2.3, @@ -6111,16 +6231,16 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Primary" } @@ -6130,25 +6250,25 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01072 + "risk": 0.013064999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { "baseScore": 3.7, "exploitabilityScore": 2.3, @@ -6159,16 +6279,16 @@ ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00032, - "percentile": 0.08923, - "date": "2026-01-21" + "cve": "CVE-2026-0988", + "epss": 0.00039, + "percentile": 0.11451, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Primary" } @@ -6191,7 +6311,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } @@ -6230,100 +6350,132 @@ }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.010620000000000001 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.012240000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 4.6 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "cve": "CVE-2025-68973", + "epss": 0.00016, + "percentile": 0.02842, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -6338,184 +6490,86 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.0105 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "26.1.1" - } + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "6f4d3a571294a37a", - "name": "fluent-bit", - "version": "26.1.1", - "type": "binary", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPLv3+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@26.1.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -6524,52 +6578,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00945 + "risk": 0.01072 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00018, - "percentile": 0.03455, - "date": "2026-01-21" + "cve": "CVE-2025-7039", + "epss": 0.00032, + "percentile": 0.08946, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -6585,21 +6633,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -6613,13 +6661,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6630,38 +6678,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -6670,60 +6724,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008969999999999999 + "risk": 0.010620000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00026, - "percentile": 0.06607, - "date": "2026-01-21" + "cve": "CVE-2026-22185", + "epss": 0.00018, + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -6739,21 +6786,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -6767,13 +6814,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6784,184 +6831,140 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", "severity": "Medium", - "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-29477", + "epss": 0.0002, + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.00888 + "risk": 0.0105 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" - ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + ], "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "26.1.1" + } }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", - "type": "rpm", + "id": "6f4d3a571294a37a", + "name": "fluent-bit", + "version": "26.1.1", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@26.1.1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6969,54 +6972,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.00945 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-60753", + "epss": 0.00018, + "percentile": 0.03504, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7024,21 +7033,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7052,19 +7061,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7074,39 +7078,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7114,54 +7118,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00888 + "risk": 0.008969999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "cve": "CVE-2025-5916", + "epss": 0.00026, + "percentile": 0.0664, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7169,21 +7187,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -7197,19 +7215,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7242,8 +7255,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7251,7 +7264,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7275,7 +7288,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7290,8 +7303,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7299,7 +7312,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7326,8 +7339,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "31d143a38566e735", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7345,10 +7358,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7387,8 +7400,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7396,7 +7409,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7420,7 +7433,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7435,8 +7448,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7444,7 +7457,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7471,8 +7484,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "1bd147c6291221f2", + "name": "libfdisk", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7487,13 +7500,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7532,8 +7545,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7541,7 +7554,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7565,7 +7578,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7580,8 +7593,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7589,14 +7602,14 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7605,7 +7618,7 @@ }, "package": { "name": "util-linux", - "version": "0:2.37.4-21.el9" + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -7616,8 +7629,8 @@ } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7632,20 +7645,19 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7678,8 +7690,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7687,7 +7699,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7711,7 +7723,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { @@ -7726,8 +7738,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02675, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ @@ -7735,7 +7747,7 @@ "cve": "CVE-2025-14104", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7762,8 +7774,8 @@ } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -7778,23 +7790,13 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -7810,38 +7812,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7854,43 +7856,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -7898,7 +7899,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7906,21 +7907,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -7934,14 +7935,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7951,38 +7957,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], - "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cwes": [ + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -7995,43 +8001,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8039,7 +8044,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8047,21 +8052,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8075,25 +8080,20 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8103,38 +8103,38 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8147,43 +8147,42 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02693, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -8199,21 +8198,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2025-14104", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -8227,27 +8226,27 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -8259,44 +8258,38 @@ }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8305,68 +8298,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00874 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", - "epss": 0.00019, - "percentile": 0.04009, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - }, + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" + } + ], + "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8382,21 +8354,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8410,13 +8382,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8427,38 +8399,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8467,51 +8439,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8519,7 +8487,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8527,21 +8495,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8555,55 +8523,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], @@ -8612,51 +8591,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008539999999999999 + "risk": 0.00888 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "cve": "CVE-2026-0861", + "epss": 0.00016, + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -8672,21 +8647,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-0861", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -8700,66 +8675,76 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -8768,52 +8753,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00846 + "risk": 0.00874 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.4, + "baseScore": 3.3, "exploitabilityScore": 1.9, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00018, - "percentile": 0.03744, - "date": "2026-01-21" + "cve": "CVE-2022-3219", + "epss": 0.00019, + "percentile": 0.04089, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8821,7 +8822,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8829,21 +8830,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2022-3219", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -8860,22 +8861,11 @@ "GPLv3+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8885,38 +8875,38 @@ }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -8925,33 +8915,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -8967,21 +8975,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -8995,55 +9003,55 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], @@ -9052,33 +9060,51 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.008539999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], - "cwes": [ + "epss": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-9232", + "epss": 0.00028, + "percentile": 0.07303, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -9094,21 +9120,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -9122,66 +9148,66 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "openssl", + "version": "3.5.1-4.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glibc. When the wordexp function is called with the flags WRDE_REUSE and WRDE_APPEND, it may return uninitialized memory. If the caller inspects the we_wordv array or calls the wordfree function to free the allocated memory, the process will abort, resulting in a denial of service.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9190,33 +9216,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008010000000000001 + "risk": 0.00846 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", - "severity": "Unknown", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" + ], + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "metrics": { + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], "epss": [ { - "cve": "CVE-2025-15281", + "cve": "CVE-2025-5278", "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" + "percentile": 0.03788, + "date": "2026-01-26" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9232,21 +9277,21 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9260,27 +9305,23 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", @@ -9315,8 +9356,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9324,7 +9365,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -9377,8 +9418,8 @@ { "cve": "CVE-2025-5918", "epss": 0.00021, - "percentile": 0.04788, - "date": "2026-01-21" + "percentile": 0.04833, + "date": "2026-01-26" } ], "cwes": [ @@ -9386,7 +9427,7 @@ "cve": "CVE-2025-5918", "cwe": "CWE-125", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -9469,8 +9510,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9530,8 +9571,8 @@ { "cve": "CVE-2025-30258", "epss": 0.00025, - "percentile": 0.06112, - "date": "2026-01-21" + "percentile": 0.06111, + "date": "2026-01-26" } ], "cwes": [ @@ -9622,8 +9663,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9690,8 +9731,8 @@ { "cve": "CVE-2024-0232", "epss": 0.00018, - "percentile": 0.03599, - "date": "2026-01-21" + "percentile": 0.03645, + "date": "2026-01-26" } ], "cwes": [ @@ -9799,8 +9840,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9865,8 +9906,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.01609, - "date": "2026-01-21" + "percentile": 0.01623, + "date": "2026-01-26" } ], "cwes": [ @@ -9963,8 +10004,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10025,8 +10066,8 @@ { "cve": "CVE-2025-5917", "epss": 0.00022, - "percentile": 0.05096, - "date": "2026-01-21" + "percentile": 0.05107, + "date": "2026-01-26" } ], "cwes": [ @@ -10117,8 +10158,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10178,8 +10219,8 @@ { "cve": "CVE-2025-6170", "epss": 0.00019, - "percentile": 0.03858, - "date": "2026-01-21" + "percentile": 0.03925, + "date": "2026-01-26" } ], "cwes": [ @@ -10270,8 +10311,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00014, - "percentile": 0.02049, - "date": "2026-01-21" + "percentile": 0.02057, + "date": "2026-01-26" } ], "cwes": [ @@ -10330,8 +10371,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00014, - "percentile": 0.02049, - "date": "2026-01-21" + "percentile": 0.02057, + "date": "2026-01-26" } ], "cwes": [ @@ -10422,8 +10463,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10463,8 +10504,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10558,8 +10599,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -10599,8 +10640,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -10694,8 +10735,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10755,8 +10796,8 @@ { "cve": "CVE-2025-68972", "epss": 0.00005, - "percentile": 0.00218, - "date": "2026-01-21" + "percentile": 0.00223, + "date": "2026-01-26" } ], "cwes": [ @@ -10822,6 +10863,134 @@ } } }, + { + "vulnerability": { + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnutls", + "version": "0:3.8.3-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2025-62813", @@ -11041,7 +11210,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -11155,6 +11324,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -11204,91 +11383,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/agent/grype-26.1.1.md b/docs/security/agent/grype-26.1.1.md index 3267fd4..c948f56 100644 --- a/docs/security/agent/grype-26.1.1.md +++ b/docs/security/agent/grype-26.1.1.md @@ -14,8 +14,8 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| fluent-bit | 26.1.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | +| fluent-bit | 26.1.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | fluent-bit | 26.1.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | @@ -48,13 +48,16 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | +| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | +| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | @@ -68,13 +71,11 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-common | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | -| glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/oss/grype-4.0.14.json b/docs/security/oss/grype-4.0.14.json index ab2f533..03eee4e 100644 --- a/docs/security/oss/grype-4.0.14.json +++ b/docs/security/oss/grype-4.0.14.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -35,7 +35,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -47,7 +47,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -114,7 +114,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -126,7 +126,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -201,9 +201,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04129, - "percentile": 0.88317, - "date": "2026-01-21" + "epss": 0.04238, + "percentile": 0.88476, + "date": "2026-01-26" } ], "cwes": [ @@ -219,7 +219,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20645 + "risk": 0.21190000000000003 }, "relatedVulnerabilities": [ { @@ -336,9 +336,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04129, - "percentile": 0.88317, - "date": "2026-01-21" + "epss": 0.04238, + "percentile": 0.88476, + "date": "2026-01-26" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86035, - "date": "2026-01-21" + "percentile": 0.86054, + "date": "2026-01-26" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86035, - "date": "2026-01-21" + "percentile": 0.86054, + "date": "2026-01-26" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81534, - "date": "2026-01-21" + "percentile": 0.81568, + "date": "2026-01-26" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81534, - "date": "2026-01-21" + "percentile": 0.81568, + "date": "2026-01-26" } ], "cwes": [ @@ -692,8 +692,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80651, - "date": "2026-01-21" + "percentile": 0.80688, + "date": "2026-01-26" } ], "cwes": [ @@ -755,8 +755,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80651, - "date": "2026-01-21" + "percentile": 0.80688, + "date": "2026-01-26" } ], "cwes": [ @@ -850,8 +850,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -910,8 +910,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -995,8 +995,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1055,8 +1055,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1131,8 +1131,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1191,8 +1191,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1272,8 +1272,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1332,8 +1332,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1408,8 +1408,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78815, - "date": "2026-01-21" + "percentile": 0.78852, + "date": "2026-01-26" } ], "cwes": [ @@ -1471,8 +1471,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78815, - "date": "2026-01-21" + "percentile": 0.78852, + "date": "2026-01-26" } ], "cwes": [ @@ -1579,8 +1579,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00095, - "percentile": 0.26874, - "date": "2026-01-21" + "percentile": 0.2676, + "date": "2026-01-26" } ], "fix": { @@ -1623,8 +1623,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00095, - "percentile": 0.26874, - "date": "2026-01-21" + "percentile": 0.2676, + "date": "2026-01-26" } ] } @@ -1691,8 +1691,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75235, - "date": "2026-01-21" + "percentile": 0.75256, + "date": "2026-01-26" } ], "cwes": [ @@ -1745,8 +1745,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75235, - "date": "2026-01-21" + "percentile": 0.75256, + "date": "2026-01-26" } ], "cwes": [ @@ -1821,8 +1821,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74218, - "date": "2026-01-21" + "percentile": 0.74244, + "date": "2026-01-26" } ], "cwes": [ @@ -1881,8 +1881,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74218, - "date": "2026-01-21" + "percentile": 0.74244, + "date": "2026-01-26" } ], "cwes": [ @@ -1989,8 +1989,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -2031,8 +2031,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -2113,8 +2113,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22662, - "date": "2026-01-21" + "percentile": 0.22562, + "date": "2026-01-26" } ], "cwes": [ @@ -2169,8 +2169,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22662, - "date": "2026-01-21" + "percentile": 0.22562, + "date": "2026-01-26" } ], "cwes": [ @@ -2235,6 +2235,162 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.03899999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2018-6829", @@ -2248,8 +2404,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00662, - "percentile": 0.70606, - "date": "2026-01-21" + "percentile": 0.70627, + "date": "2026-01-26" } ], "cwes": [ @@ -2310,8 +2466,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00662, - "percentile": 0.70606, - "date": "2026-01-21" + "percentile": 0.70627, + "date": "2026-01-26" } ], "cwes": [ @@ -2382,8 +2538,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70163, - "date": "2026-01-21" + "percentile": 0.70177, + "date": "2026-01-26" } ], "cwes": [ @@ -2446,8 +2602,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70163, - "date": "2026-01-21" + "percentile": 0.70177, + "date": "2026-01-26" } ], "cwes": [ @@ -2554,8 +2710,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ @@ -2602,8 +2758,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ @@ -2710,8 +2866,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20603, - "date": "2026-01-21" + "percentile": 0.20512, + "date": "2026-01-26" } ], "cwes": [ @@ -2766,8 +2922,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20603, - "date": "2026-01-21" + "percentile": 0.20512, + "date": "2026-01-26" } ], "cwes": [ @@ -2845,8 +3001,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00371, - "percentile": 0.5837, - "date": "2026-01-21" + "percentile": 0.58366, + "date": "2026-01-26" } ], "cwes": [ @@ -2897,8 +3053,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00371, - "percentile": 0.5837, - "date": "2026-01-21" + "percentile": 0.58366, + "date": "2026-01-26" } ], "cwes": [ @@ -3005,8 +3161,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00036, - "percentile": 0.10333, - "date": "2026-01-21" + "percentile": 0.10383, + "date": "2026-01-26" } ], "cwes": [ @@ -3054,8 +3210,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00036, - "percentile": 0.10333, - "date": "2026-01-21" + "percentile": 0.10383, + "date": "2026-01-26" } ], "cwes": [ @@ -3130,8 +3286,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54021, - "date": "2026-01-21" + "percentile": 0.54016, + "date": "2026-01-26" } ], "fix": { @@ -3197,8 +3353,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54021, - "date": "2026-01-21" + "percentile": 0.54016, + "date": "2026-01-26" } ] } @@ -3298,9 +3454,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ @@ -3316,7 +3472,7 @@ "state": "" }, "advisories": [], - "risk": 0.0147 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3392,8 +3548,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ @@ -3441,8 +3597,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ @@ -3536,8 +3692,8 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44576, - "date": "2026-01-21" + "percentile": 0.44546, + "date": "2026-01-26" } ], "cwes": [ @@ -3588,8 +3744,8 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44576, - "date": "2026-01-21" + "percentile": 0.44546, + "date": "2026-01-26" } ], "cwes": [ @@ -3673,8 +3829,8 @@ { "cve": "CVE-2025-14524", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -3723,8 +3879,8 @@ { "cve": "CVE-2025-14524", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -3799,8 +3955,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43979, - "date": "2026-01-21" + "percentile": 0.43945, + "date": "2026-01-26" } ], "cwes": [ @@ -3864,8 +4020,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43979, - "date": "2026-01-21" + "percentile": 0.43945, + "date": "2026-01-26" } ], "cwes": [ @@ -3964,8 +4120,8 @@ { "cve": "CVE-2025-29477", "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ @@ -4044,8 +4200,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4092,8 +4248,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4177,8 +4333,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4225,8 +4381,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4301,8 +4457,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4349,8 +4505,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4430,8 +4586,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4478,8 +4634,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4554,8 +4710,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42572, - "date": "2026-01-21" + "percentile": 0.42538, + "date": "2026-01-26" } ], "cwes": [ @@ -4611,8 +4767,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42572, - "date": "2026-01-21" + "percentile": 0.42538, + "date": "2026-01-26" } ], "cwes": [ @@ -4674,136 +4830,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:12", - "severity": "Unknown", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.009000000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2022-27943", @@ -4817,8 +4843,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -4878,8 +4904,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -4986,8 +5012,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5047,8 +5073,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5123,8 +5149,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5184,8 +5210,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5288,8 +5314,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5349,8 +5375,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5448,8 +5474,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5509,8 +5535,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5608,8 +5634,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3327, - "date": "2026-01-21" + "percentile": 0.33166, + "date": "2026-01-26" } ], "cwes": [ @@ -5670,8 +5696,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3327, - "date": "2026-01-21" + "percentile": 0.33166, + "date": "2026-01-26" } ], "cwes": [ @@ -5765,8 +5791,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5832,8 +5858,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5914,8 +5940,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5981,8 +6007,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -6059,8 +6085,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32014, - "date": "2026-01-21" + "percentile": 0.3191, + "date": "2026-01-26" } ], "cwes": [ @@ -6119,8 +6145,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32014, - "date": "2026-01-21" + "percentile": 0.3191, + "date": "2026-01-26" } ], "cwes": [ @@ -6204,8 +6230,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6254,8 +6280,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6330,8 +6356,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6380,8 +6406,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6452,8 +6478,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6502,8 +6528,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6578,8 +6604,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6628,8 +6654,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6700,8 +6726,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6748,8 +6774,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6833,8 +6859,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6881,8 +6907,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6957,8 +6983,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7005,8 +7031,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7086,8 +7112,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7134,8 +7160,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7210,8 +7236,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00049, - "percentile": 0.15464, - "date": "2026-01-21" + "percentile": 0.15349, + "date": "2026-01-26" } ], "cwes": [ @@ -7260,8 +7286,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00049, - "percentile": 0.15464, - "date": "2026-01-21" + "percentile": 0.15349, + "date": "2026-01-26" } ], "cwes": [ @@ -7336,8 +7362,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00046, - "percentile": 0.14014, - "date": "2026-01-21" + "percentile": 0.13923, + "date": "2026-01-26" } ], "cwes": [ @@ -7384,8 +7410,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00046, - "percentile": 0.14014, - "date": "2026-01-21" + "percentile": 0.13923, + "date": "2026-01-26" } ], "cwes": [ @@ -7481,8 +7507,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7548,8 +7574,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7630,8 +7656,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7697,8 +7723,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7775,8 +7801,8 @@ { "cve": "CVE-2025-15079", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -7825,8 +7851,8 @@ { "cve": "CVE-2025-15079", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -7901,8 +7927,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ @@ -7956,8 +7982,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ @@ -8047,8 +8073,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00015, - "percentile": 0.02254, - "date": "2026-01-21" + "percentile": 0.02272, + "date": "2026-01-26" } ], "fix": { @@ -8089,8 +8115,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00015, - "percentile": 0.02254, - "date": "2026-01-21" + "percentile": 0.02272, + "date": "2026-01-26" } ] } @@ -8157,8 +8183,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -8198,8 +8224,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -8258,9 +8284,30 @@ "id": "CVE-2025-9820", "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:12", - "severity": "Unknown", + "severity": "Medium", "urls": [], - "cvss": [], + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], "fix": { "versions": [], "state": "wont-fix" @@ -8271,11 +8318,40 @@ "relatedVulnerabilities": [ { "id": "CVE-2025-9820", - "dataSource": "nvd", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] } ], "matchDetails": [ @@ -8476,7 +8552,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -8590,6 +8666,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -8639,91 +8725,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/oss/grype-4.0.14.md b/docs/security/oss/grype-4.0.14.md index eaf17d9..0102cb2 100644 --- a/docs/security/oss/grype-4.0.14.md +++ b/docs/security/oss/grype-4.0.14.md @@ -7,6 +7,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | @@ -15,6 +16,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | fluent-bit | 4.0.14 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | | fluent-bit | 4.0.14 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | @@ -63,5 +65,3 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Unknown | -| libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Unknown | diff --git a/docs/security/oss/grype-4.1.0.json b/docs/security/oss/grype-4.1.0.json index c7f206d..b2d1b47 100644 --- a/docs/security/oss/grype-4.1.0.json +++ b/docs/security/oss/grype-4.1.0.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -35,7 +35,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -47,7 +47,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -114,7 +114,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -126,7 +126,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -201,9 +201,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04129, - "percentile": 0.88317, - "date": "2026-01-21" + "epss": 0.04238, + "percentile": 0.88476, + "date": "2026-01-26" } ], "cwes": [ @@ -219,7 +219,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20645 + "risk": 0.21190000000000003 }, "relatedVulnerabilities": [ { @@ -336,9 +336,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04129, - "percentile": 0.88317, - "date": "2026-01-21" + "epss": 0.04238, + "percentile": 0.88476, + "date": "2026-01-26" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86035, - "date": "2026-01-21" + "percentile": 0.86054, + "date": "2026-01-26" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86035, - "date": "2026-01-21" + "percentile": 0.86054, + "date": "2026-01-26" } ] } @@ -560,8 +560,8 @@ { "cve": "CVE-2025-12970", "epss": 0.00134, - "percentile": 0.33651, - "date": "2026-01-21" + "percentile": 0.33556, + "date": "2026-01-26" } ], "cwes": [ @@ -640,8 +640,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81534, - "date": "2026-01-21" + "percentile": 0.81568, + "date": "2026-01-26" } ], "cwes": [ @@ -703,8 +703,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81534, - "date": "2026-01-21" + "percentile": 0.81568, + "date": "2026-01-26" } ], "cwes": [ @@ -788,8 +788,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80651, - "date": "2026-01-21" + "percentile": 0.80688, + "date": "2026-01-26" } ], "cwes": [ @@ -851,8 +851,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80651, - "date": "2026-01-21" + "percentile": 0.80688, + "date": "2026-01-26" } ], "cwes": [ @@ -946,8 +946,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1006,8 +1006,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1091,8 +1091,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1151,8 +1151,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1227,8 +1227,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1287,8 +1287,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1368,8 +1368,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1428,8 +1428,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1520,8 +1520,8 @@ { "cve": "CVE-2025-12977", "epss": 0.00078, - "percentile": 0.23555, - "date": "2026-01-21" + "percentile": 0.23442, + "date": "2026-01-26" } ], "cwes": [ @@ -1615,8 +1615,8 @@ { "cve": "CVE-2025-12978", "epss": 0.00131, - "percentile": 0.33284, - "date": "2026-01-21" + "percentile": 0.33181, + "date": "2026-01-26" } ], "fix": { @@ -1687,8 +1687,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78815, - "date": "2026-01-21" + "percentile": 0.78852, + "date": "2026-01-26" } ], "cwes": [ @@ -1750,8 +1750,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78815, - "date": "2026-01-21" + "percentile": 0.78852, + "date": "2026-01-26" } ], "cwes": [ @@ -1861,8 +1861,8 @@ { "cve": "CVE-2025-12969", "epss": 0.00106, - "percentile": 0.29225, - "date": "2026-01-21" + "percentile": 0.291, + "date": "2026-01-26" } ], "cwes": [ @@ -1954,8 +1954,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00095, - "percentile": 0.26874, - "date": "2026-01-21" + "percentile": 0.2676, + "date": "2026-01-26" } ], "fix": { @@ -1998,8 +1998,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00095, - "percentile": 0.26874, - "date": "2026-01-21" + "percentile": 0.2676, + "date": "2026-01-26" } ] } @@ -2082,8 +2082,8 @@ { "cve": "CVE-2025-12972", "epss": 0.00093, - "percentile": 0.26542, - "date": "2026-01-21" + "percentile": 0.26428, + "date": "2026-01-26" } ], "cwes": [ @@ -2162,8 +2162,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75235, - "date": "2026-01-21" + "percentile": 0.75256, + "date": "2026-01-26" } ], "cwes": [ @@ -2216,8 +2216,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75235, - "date": "2026-01-21" + "percentile": 0.75256, + "date": "2026-01-26" } ], "cwes": [ @@ -2292,8 +2292,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74218, - "date": "2026-01-21" + "percentile": 0.74244, + "date": "2026-01-26" } ], "cwes": [ @@ -2352,8 +2352,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74218, - "date": "2026-01-21" + "percentile": 0.74244, + "date": "2026-01-26" } ], "cwes": [ @@ -2460,8 +2460,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -2502,8 +2502,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -2584,8 +2584,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22662, - "date": "2026-01-21" + "percentile": 0.22562, + "date": "2026-01-26" } ], "cwes": [ @@ -2640,8 +2640,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22662, - "date": "2026-01-21" + "percentile": 0.22562, + "date": "2026-01-26" } ], "cwes": [ @@ -2706,6 +2706,162 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.03899999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2018-6829", @@ -2719,8 +2875,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00662, - "percentile": 0.70606, - "date": "2026-01-21" + "percentile": 0.70627, + "date": "2026-01-26" } ], "cwes": [ @@ -2781,8 +2937,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00662, - "percentile": 0.70606, - "date": "2026-01-21" + "percentile": 0.70627, + "date": "2026-01-26" } ], "cwes": [ @@ -2853,8 +3009,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70163, - "date": "2026-01-21" + "percentile": 0.70177, + "date": "2026-01-26" } ], "cwes": [ @@ -2917,8 +3073,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70163, - "date": "2026-01-21" + "percentile": 0.70177, + "date": "2026-01-26" } ], "cwes": [ @@ -3025,8 +3181,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ @@ -3073,8 +3229,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ @@ -3181,8 +3337,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ @@ -3257,8 +3413,8 @@ { "cve": "CVE-2025-9230", "epss": 0.00029, - "percentile": 0.0786, - "date": "2026-01-21" + "percentile": 0.07932, + "date": "2026-01-26" } ], "cwes": [ @@ -3376,8 +3532,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20603, - "date": "2026-01-21" + "percentile": 0.20512, + "date": "2026-01-26" } ], "cwes": [ @@ -3432,8 +3588,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20603, - "date": "2026-01-21" + "percentile": 0.20512, + "date": "2026-01-26" } ], "cwes": [ @@ -3511,8 +3667,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00371, - "percentile": 0.5837, - "date": "2026-01-21" + "percentile": 0.58366, + "date": "2026-01-26" } ], "cwes": [ @@ -3563,8 +3719,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00371, - "percentile": 0.5837, - "date": "2026-01-21" + "percentile": 0.58366, + "date": "2026-01-26" } ], "cwes": [ @@ -3671,8 +3827,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00036, - "percentile": 0.10333, - "date": "2026-01-21" + "percentile": 0.10383, + "date": "2026-01-26" } ], "cwes": [ @@ -3720,8 +3876,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00036, - "percentile": 0.10333, - "date": "2026-01-21" + "percentile": 0.10383, + "date": "2026-01-26" } ], "cwes": [ @@ -3796,8 +3952,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54021, - "date": "2026-01-21" + "percentile": 0.54016, + "date": "2026-01-26" } ], "fix": { @@ -3863,8 +4019,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54021, - "date": "2026-01-21" + "percentile": 0.54016, + "date": "2026-01-26" } ] } @@ -3963,8 +4119,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ @@ -4030,8 +4186,8 @@ { "cve": "CVE-2025-9232", "epss": 0.00028, - "percentile": 0.07249, - "date": "2026-01-21" + "percentile": 0.07303, + "date": "2026-01-26" } ], "cwes": [ @@ -4144,9 +4300,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ @@ -4162,7 +4318,7 @@ "state": "" }, "advisories": [], - "risk": 0.0147 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4238,8 +4394,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ @@ -4287,8 +4443,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ @@ -4382,8 +4538,8 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44576, - "date": "2026-01-21" + "percentile": 0.44546, + "date": "2026-01-26" } ], "cwes": [ @@ -4434,8 +4590,8 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44576, - "date": "2026-01-21" + "percentile": 0.44546, + "date": "2026-01-26" } ], "cwes": [ @@ -4519,8 +4675,8 @@ { "cve": "CVE-2025-14524", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -4569,8 +4725,8 @@ { "cve": "CVE-2025-14524", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -4645,8 +4801,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43979, - "date": "2026-01-21" + "percentile": 0.43945, + "date": "2026-01-26" } ], "cwes": [ @@ -4710,8 +4866,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43979, - "date": "2026-01-21" + "percentile": 0.43945, + "date": "2026-01-26" } ], "cwes": [ @@ -4810,8 +4966,8 @@ { "cve": "CVE-2025-29477", "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ @@ -4890,8 +5046,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4938,8 +5094,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -5023,8 +5179,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -5071,8 +5227,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -5147,8 +5303,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -5195,8 +5351,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -5276,8 +5432,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -5324,8 +5480,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -5400,8 +5556,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42572, - "date": "2026-01-21" + "percentile": 0.42538, + "date": "2026-01-26" } ], "cwes": [ @@ -5457,8 +5613,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42572, - "date": "2026-01-21" + "percentile": 0.42538, + "date": "2026-01-26" } ], "cwes": [ @@ -5520,136 +5676,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:12", - "severity": "Unknown", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.009000000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2022-27943", @@ -5663,8 +5689,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5724,8 +5750,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5832,8 +5858,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5893,8 +5919,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5969,8 +5995,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -6030,8 +6056,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -6134,8 +6160,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -6195,8 +6221,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -6294,8 +6320,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -6355,8 +6381,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -6454,8 +6480,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3327, - "date": "2026-01-21" + "percentile": 0.33166, + "date": "2026-01-26" } ], "cwes": [ @@ -6516,8 +6542,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3327, - "date": "2026-01-21" + "percentile": 0.33166, + "date": "2026-01-26" } ], "cwes": [ @@ -6611,8 +6637,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -6678,8 +6704,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -6760,8 +6786,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -6827,8 +6853,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -6905,8 +6931,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32014, - "date": "2026-01-21" + "percentile": 0.3191, + "date": "2026-01-26" } ], "cwes": [ @@ -6965,8 +6991,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32014, - "date": "2026-01-21" + "percentile": 0.3191, + "date": "2026-01-26" } ], "cwes": [ @@ -7050,8 +7076,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -7100,8 +7126,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -7176,8 +7202,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -7226,8 +7252,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -7298,8 +7324,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -7348,8 +7374,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -7424,8 +7450,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -7474,8 +7500,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -7546,8 +7572,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7594,8 +7620,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7679,8 +7705,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7727,8 +7753,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7803,8 +7829,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7851,8 +7877,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7932,8 +7958,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7980,8 +8006,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -8056,8 +8082,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00049, - "percentile": 0.15464, - "date": "2026-01-21" + "percentile": 0.15349, + "date": "2026-01-26" } ], "cwes": [ @@ -8106,8 +8132,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00049, - "percentile": 0.15464, - "date": "2026-01-21" + "percentile": 0.15349, + "date": "2026-01-26" } ], "cwes": [ @@ -8182,8 +8208,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00046, - "percentile": 0.14014, - "date": "2026-01-21" + "percentile": 0.13923, + "date": "2026-01-26" } ], "cwes": [ @@ -8230,8 +8256,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00046, - "percentile": 0.14014, - "date": "2026-01-21" + "percentile": 0.13923, + "date": "2026-01-26" } ], "cwes": [ @@ -8327,8 +8353,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -8394,8 +8420,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -8476,8 +8502,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -8543,8 +8569,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -8621,8 +8647,8 @@ { "cve": "CVE-2025-15079", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -8671,8 +8697,8 @@ { "cve": "CVE-2025-15079", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -8747,8 +8773,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ @@ -8802,8 +8828,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ @@ -8893,8 +8919,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00015, - "percentile": 0.02254, - "date": "2026-01-21" + "percentile": 0.02272, + "date": "2026-01-26" } ], "fix": { @@ -8935,8 +8961,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00015, - "percentile": 0.02254, - "date": "2026-01-21" + "percentile": 0.02272, + "date": "2026-01-26" } ] } @@ -9003,8 +9029,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -9044,8 +9070,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -9104,9 +9130,30 @@ "id": "CVE-2025-9820", "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:12", - "severity": "Unknown", + "severity": "Medium", "urls": [], - "cvss": [], + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], "fix": { "versions": [], "state": "wont-fix" @@ -9117,11 +9164,40 @@ "relatedVulnerabilities": [ { "id": "CVE-2025-9820", - "dataSource": "nvd", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] } ], "matchDetails": [ @@ -9322,7 +9398,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -9436,6 +9512,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -9485,91 +9571,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/oss/grype-4.1.0.md b/docs/security/oss/grype-4.1.0.md index 9b58f36..3e91308 100644 --- a/docs/security/oss/grype-4.1.0.md +++ b/docs/security/oss/grype-4.1.0.md @@ -9,6 +9,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | fluent-bit | 4.1.0 | [CVE-2025-12970](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12970) | High | | libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | @@ -22,6 +23,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | fluent-bit | 4.1.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | | fluent-bit | 4.1.0 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | @@ -70,5 +72,3 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Unknown | -| libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Unknown | diff --git a/docs/security/oss/grype-4.1.1.json b/docs/security/oss/grype-4.1.1.json index 507cd18..b6bd9ff 100644 --- a/docs/security/oss/grype-4.1.1.json +++ b/docs/security/oss/grype-4.1.1.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -35,7 +35,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -47,7 +47,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -114,7 +114,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -126,7 +126,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -201,9 +201,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04129, - "percentile": 0.88317, - "date": "2026-01-21" + "epss": 0.04238, + "percentile": 0.88476, + "date": "2026-01-26" } ], "cwes": [ @@ -219,7 +219,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20645 + "risk": 0.21190000000000003 }, "relatedVulnerabilities": [ { @@ -336,9 +336,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04129, - "percentile": 0.88317, - "date": "2026-01-21" + "epss": 0.04238, + "percentile": 0.88476, + "date": "2026-01-26" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86035, - "date": "2026-01-21" + "percentile": 0.86054, + "date": "2026-01-26" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86035, - "date": "2026-01-21" + "percentile": 0.86054, + "date": "2026-01-26" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81534, - "date": "2026-01-21" + "percentile": 0.81568, + "date": "2026-01-26" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81534, - "date": "2026-01-21" + "percentile": 0.81568, + "date": "2026-01-26" } ], "cwes": [ @@ -692,8 +692,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80651, - "date": "2026-01-21" + "percentile": 0.80688, + "date": "2026-01-26" } ], "cwes": [ @@ -755,8 +755,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80651, - "date": "2026-01-21" + "percentile": 0.80688, + "date": "2026-01-26" } ], "cwes": [ @@ -850,8 +850,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -910,8 +910,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -995,8 +995,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1055,8 +1055,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1131,8 +1131,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1191,8 +1191,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1272,8 +1272,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1332,8 +1332,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1408,8 +1408,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78815, - "date": "2026-01-21" + "percentile": 0.78852, + "date": "2026-01-26" } ], "cwes": [ @@ -1471,8 +1471,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78815, - "date": "2026-01-21" + "percentile": 0.78852, + "date": "2026-01-26" } ], "cwes": [ @@ -1579,8 +1579,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00095, - "percentile": 0.26874, - "date": "2026-01-21" + "percentile": 0.2676, + "date": "2026-01-26" } ], "fix": { @@ -1623,8 +1623,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00095, - "percentile": 0.26874, - "date": "2026-01-21" + "percentile": 0.2676, + "date": "2026-01-26" } ] } @@ -1691,8 +1691,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75235, - "date": "2026-01-21" + "percentile": 0.75256, + "date": "2026-01-26" } ], "cwes": [ @@ -1745,8 +1745,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75235, - "date": "2026-01-21" + "percentile": 0.75256, + "date": "2026-01-26" } ], "cwes": [ @@ -1821,8 +1821,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74218, - "date": "2026-01-21" + "percentile": 0.74244, + "date": "2026-01-26" } ], "cwes": [ @@ -1881,8 +1881,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74218, - "date": "2026-01-21" + "percentile": 0.74244, + "date": "2026-01-26" } ], "cwes": [ @@ -1989,8 +1989,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -2031,8 +2031,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -2113,8 +2113,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22662, - "date": "2026-01-21" + "percentile": 0.22562, + "date": "2026-01-26" } ], "cwes": [ @@ -2169,8 +2169,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22662, - "date": "2026-01-21" + "percentile": 0.22562, + "date": "2026-01-26" } ], "cwes": [ @@ -2235,6 +2235,162 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.03899999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2018-6829", @@ -2248,8 +2404,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00662, - "percentile": 0.70606, - "date": "2026-01-21" + "percentile": 0.70627, + "date": "2026-01-26" } ], "cwes": [ @@ -2310,8 +2466,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00662, - "percentile": 0.70606, - "date": "2026-01-21" + "percentile": 0.70627, + "date": "2026-01-26" } ], "cwes": [ @@ -2382,8 +2538,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70163, - "date": "2026-01-21" + "percentile": 0.70177, + "date": "2026-01-26" } ], "cwes": [ @@ -2446,8 +2602,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70163, - "date": "2026-01-21" + "percentile": 0.70177, + "date": "2026-01-26" } ], "cwes": [ @@ -2554,8 +2710,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ @@ -2602,8 +2758,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ @@ -2710,8 +2866,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20603, - "date": "2026-01-21" + "percentile": 0.20512, + "date": "2026-01-26" } ], "cwes": [ @@ -2766,8 +2922,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20603, - "date": "2026-01-21" + "percentile": 0.20512, + "date": "2026-01-26" } ], "cwes": [ @@ -2845,8 +3001,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00371, - "percentile": 0.5837, - "date": "2026-01-21" + "percentile": 0.58366, + "date": "2026-01-26" } ], "cwes": [ @@ -2897,8 +3053,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00371, - "percentile": 0.5837, - "date": "2026-01-21" + "percentile": 0.58366, + "date": "2026-01-26" } ], "cwes": [ @@ -3005,8 +3161,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00036, - "percentile": 0.10333, - "date": "2026-01-21" + "percentile": 0.10383, + "date": "2026-01-26" } ], "cwes": [ @@ -3054,8 +3210,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00036, - "percentile": 0.10333, - "date": "2026-01-21" + "percentile": 0.10383, + "date": "2026-01-26" } ], "cwes": [ @@ -3130,8 +3286,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54021, - "date": "2026-01-21" + "percentile": 0.54016, + "date": "2026-01-26" } ], "fix": { @@ -3197,8 +3353,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54021, - "date": "2026-01-21" + "percentile": 0.54016, + "date": "2026-01-26" } ] } @@ -3298,9 +3454,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ @@ -3316,7 +3472,7 @@ "state": "" }, "advisories": [], - "risk": 0.0147 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3392,8 +3548,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ @@ -3441,8 +3597,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ @@ -3536,8 +3692,8 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44576, - "date": "2026-01-21" + "percentile": 0.44546, + "date": "2026-01-26" } ], "cwes": [ @@ -3588,8 +3744,8 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44576, - "date": "2026-01-21" + "percentile": 0.44546, + "date": "2026-01-26" } ], "cwes": [ @@ -3673,8 +3829,8 @@ { "cve": "CVE-2025-14524", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -3723,8 +3879,8 @@ { "cve": "CVE-2025-14524", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -3799,8 +3955,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43979, - "date": "2026-01-21" + "percentile": 0.43945, + "date": "2026-01-26" } ], "cwes": [ @@ -3864,8 +4020,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43979, - "date": "2026-01-21" + "percentile": 0.43945, + "date": "2026-01-26" } ], "cwes": [ @@ -3964,8 +4120,8 @@ { "cve": "CVE-2025-29477", "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ @@ -4044,8 +4200,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4092,8 +4248,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4177,8 +4333,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4225,8 +4381,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4301,8 +4457,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4349,8 +4505,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4430,8 +4586,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4478,8 +4634,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4554,8 +4710,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42572, - "date": "2026-01-21" + "percentile": 0.42538, + "date": "2026-01-26" } ], "cwes": [ @@ -4611,8 +4767,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42572, - "date": "2026-01-21" + "percentile": 0.42538, + "date": "2026-01-26" } ], "cwes": [ @@ -4674,136 +4830,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:12", - "severity": "Unknown", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.009000000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2022-27943", @@ -4817,8 +4843,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -4878,8 +4904,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -4986,8 +5012,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5047,8 +5073,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5123,8 +5149,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5184,8 +5210,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5288,8 +5314,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5349,8 +5375,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5448,8 +5474,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5509,8 +5535,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5608,8 +5634,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3327, - "date": "2026-01-21" + "percentile": 0.33166, + "date": "2026-01-26" } ], "cwes": [ @@ -5670,8 +5696,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3327, - "date": "2026-01-21" + "percentile": 0.33166, + "date": "2026-01-26" } ], "cwes": [ @@ -5765,8 +5791,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5832,8 +5858,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5914,8 +5940,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5981,8 +6007,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -6059,8 +6085,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32014, - "date": "2026-01-21" + "percentile": 0.3191, + "date": "2026-01-26" } ], "cwes": [ @@ -6119,8 +6145,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32014, - "date": "2026-01-21" + "percentile": 0.3191, + "date": "2026-01-26" } ], "cwes": [ @@ -6204,8 +6230,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6254,8 +6280,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6330,8 +6356,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6380,8 +6406,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6452,8 +6478,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6502,8 +6528,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6578,8 +6604,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6628,8 +6654,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6700,8 +6726,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6748,8 +6774,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6833,8 +6859,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6881,8 +6907,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6957,8 +6983,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7005,8 +7031,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7086,8 +7112,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7134,8 +7160,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7210,8 +7236,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00049, - "percentile": 0.15464, - "date": "2026-01-21" + "percentile": 0.15349, + "date": "2026-01-26" } ], "cwes": [ @@ -7260,8 +7286,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00049, - "percentile": 0.15464, - "date": "2026-01-21" + "percentile": 0.15349, + "date": "2026-01-26" } ], "cwes": [ @@ -7336,8 +7362,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00046, - "percentile": 0.14014, - "date": "2026-01-21" + "percentile": 0.13923, + "date": "2026-01-26" } ], "cwes": [ @@ -7384,8 +7410,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00046, - "percentile": 0.14014, - "date": "2026-01-21" + "percentile": 0.13923, + "date": "2026-01-26" } ], "cwes": [ @@ -7481,8 +7507,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7548,8 +7574,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7630,8 +7656,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7697,8 +7723,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7775,8 +7801,8 @@ { "cve": "CVE-2025-15079", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -7825,8 +7851,8 @@ { "cve": "CVE-2025-15079", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -7901,8 +7927,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ @@ -7956,8 +7982,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ @@ -8047,8 +8073,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00015, - "percentile": 0.02254, - "date": "2026-01-21" + "percentile": 0.02272, + "date": "2026-01-26" } ], "fix": { @@ -8089,8 +8115,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00015, - "percentile": 0.02254, - "date": "2026-01-21" + "percentile": 0.02272, + "date": "2026-01-26" } ] } @@ -8157,8 +8183,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -8198,8 +8224,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -8258,9 +8284,30 @@ "id": "CVE-2025-9820", "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:12", - "severity": "Unknown", + "severity": "Medium", "urls": [], - "cvss": [], + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], "fix": { "versions": [], "state": "wont-fix" @@ -8271,11 +8318,40 @@ "relatedVulnerabilities": [ { "id": "CVE-2025-9820", - "dataSource": "nvd", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] } ], "matchDetails": [ @@ -8476,7 +8552,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -8590,6 +8666,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -8639,91 +8725,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/oss/grype-4.1.1.md b/docs/security/oss/grype-4.1.1.md index ce6bf08..9049593 100644 --- a/docs/security/oss/grype-4.1.1.md +++ b/docs/security/oss/grype-4.1.1.md @@ -7,6 +7,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | @@ -15,6 +16,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | fluent-bit | 4.1.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | | fluent-bit | 4.1.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | @@ -63,5 +65,3 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Unknown | -| libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Unknown | diff --git a/docs/security/oss/grype-4.1.2.json b/docs/security/oss/grype-4.1.2.json index 6a79ab2..3483913 100644 --- a/docs/security/oss/grype-4.1.2.json +++ b/docs/security/oss/grype-4.1.2.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -35,7 +35,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -47,7 +47,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -114,7 +114,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -126,7 +126,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -201,9 +201,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04129, - "percentile": 0.88317, - "date": "2026-01-21" + "epss": 0.04238, + "percentile": 0.88476, + "date": "2026-01-26" } ], "cwes": [ @@ -219,7 +219,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20645 + "risk": 0.21190000000000003 }, "relatedVulnerabilities": [ { @@ -336,9 +336,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04129, - "percentile": 0.88317, - "date": "2026-01-21" + "epss": 0.04238, + "percentile": 0.88476, + "date": "2026-01-26" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86035, - "date": "2026-01-21" + "percentile": 0.86054, + "date": "2026-01-26" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86035, - "date": "2026-01-21" + "percentile": 0.86054, + "date": "2026-01-26" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81534, - "date": "2026-01-21" + "percentile": 0.81568, + "date": "2026-01-26" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81534, - "date": "2026-01-21" + "percentile": 0.81568, + "date": "2026-01-26" } ], "cwes": [ @@ -692,8 +692,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80651, - "date": "2026-01-21" + "percentile": 0.80688, + "date": "2026-01-26" } ], "cwes": [ @@ -755,8 +755,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80651, - "date": "2026-01-21" + "percentile": 0.80688, + "date": "2026-01-26" } ], "cwes": [ @@ -850,8 +850,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -910,8 +910,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -995,8 +995,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1055,8 +1055,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1131,8 +1131,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1191,8 +1191,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1272,8 +1272,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1332,8 +1332,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1408,8 +1408,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78815, - "date": "2026-01-21" + "percentile": 0.78852, + "date": "2026-01-26" } ], "cwes": [ @@ -1471,8 +1471,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78815, - "date": "2026-01-21" + "percentile": 0.78852, + "date": "2026-01-26" } ], "cwes": [ @@ -1579,8 +1579,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00095, - "percentile": 0.26874, - "date": "2026-01-21" + "percentile": 0.2676, + "date": "2026-01-26" } ], "fix": { @@ -1623,8 +1623,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00095, - "percentile": 0.26874, - "date": "2026-01-21" + "percentile": 0.2676, + "date": "2026-01-26" } ] } @@ -1691,8 +1691,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75235, - "date": "2026-01-21" + "percentile": 0.75256, + "date": "2026-01-26" } ], "cwes": [ @@ -1745,8 +1745,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75235, - "date": "2026-01-21" + "percentile": 0.75256, + "date": "2026-01-26" } ], "cwes": [ @@ -1821,8 +1821,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74218, - "date": "2026-01-21" + "percentile": 0.74244, + "date": "2026-01-26" } ], "cwes": [ @@ -1881,8 +1881,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74218, - "date": "2026-01-21" + "percentile": 0.74244, + "date": "2026-01-26" } ], "cwes": [ @@ -1989,8 +1989,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -2031,8 +2031,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -2113,8 +2113,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22662, - "date": "2026-01-21" + "percentile": 0.22562, + "date": "2026-01-26" } ], "cwes": [ @@ -2169,8 +2169,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22662, - "date": "2026-01-21" + "percentile": 0.22562, + "date": "2026-01-26" } ], "cwes": [ @@ -2235,6 +2235,162 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.03899999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2018-6829", @@ -2248,8 +2404,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00662, - "percentile": 0.70606, - "date": "2026-01-21" + "percentile": 0.70627, + "date": "2026-01-26" } ], "cwes": [ @@ -2310,8 +2466,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00662, - "percentile": 0.70606, - "date": "2026-01-21" + "percentile": 0.70627, + "date": "2026-01-26" } ], "cwes": [ @@ -2382,8 +2538,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70163, - "date": "2026-01-21" + "percentile": 0.70177, + "date": "2026-01-26" } ], "cwes": [ @@ -2446,8 +2602,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70163, - "date": "2026-01-21" + "percentile": 0.70177, + "date": "2026-01-26" } ], "cwes": [ @@ -2554,8 +2710,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ @@ -2602,8 +2758,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ @@ -2710,8 +2866,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20603, - "date": "2026-01-21" + "percentile": 0.20512, + "date": "2026-01-26" } ], "cwes": [ @@ -2766,8 +2922,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20603, - "date": "2026-01-21" + "percentile": 0.20512, + "date": "2026-01-26" } ], "cwes": [ @@ -2845,8 +3001,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00371, - "percentile": 0.5837, - "date": "2026-01-21" + "percentile": 0.58366, + "date": "2026-01-26" } ], "cwes": [ @@ -2897,8 +3053,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00371, - "percentile": 0.5837, - "date": "2026-01-21" + "percentile": 0.58366, + "date": "2026-01-26" } ], "cwes": [ @@ -3005,8 +3161,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00036, - "percentile": 0.10333, - "date": "2026-01-21" + "percentile": 0.10383, + "date": "2026-01-26" } ], "cwes": [ @@ -3054,8 +3210,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00036, - "percentile": 0.10333, - "date": "2026-01-21" + "percentile": 0.10383, + "date": "2026-01-26" } ], "cwes": [ @@ -3130,8 +3286,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54021, - "date": "2026-01-21" + "percentile": 0.54016, + "date": "2026-01-26" } ], "fix": { @@ -3197,8 +3353,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54021, - "date": "2026-01-21" + "percentile": 0.54016, + "date": "2026-01-26" } ] } @@ -3298,9 +3454,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ @@ -3316,7 +3472,7 @@ "state": "" }, "advisories": [], - "risk": 0.0147 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3392,8 +3548,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ @@ -3441,8 +3597,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ @@ -3536,8 +3692,8 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44576, - "date": "2026-01-21" + "percentile": 0.44546, + "date": "2026-01-26" } ], "cwes": [ @@ -3588,8 +3744,8 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44576, - "date": "2026-01-21" + "percentile": 0.44546, + "date": "2026-01-26" } ], "cwes": [ @@ -3673,8 +3829,8 @@ { "cve": "CVE-2025-14524", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -3723,8 +3879,8 @@ { "cve": "CVE-2025-14524", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -3799,8 +3955,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43979, - "date": "2026-01-21" + "percentile": 0.43945, + "date": "2026-01-26" } ], "cwes": [ @@ -3864,8 +4020,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43979, - "date": "2026-01-21" + "percentile": 0.43945, + "date": "2026-01-26" } ], "cwes": [ @@ -3964,8 +4120,8 @@ { "cve": "CVE-2025-29477", "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ @@ -4044,8 +4200,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4092,8 +4248,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4177,8 +4333,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4225,8 +4381,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4301,8 +4457,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4349,8 +4505,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4430,8 +4586,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4478,8 +4634,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4554,8 +4710,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42572, - "date": "2026-01-21" + "percentile": 0.42538, + "date": "2026-01-26" } ], "cwes": [ @@ -4611,8 +4767,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42572, - "date": "2026-01-21" + "percentile": 0.42538, + "date": "2026-01-26" } ], "cwes": [ @@ -4674,136 +4830,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:12", - "severity": "Unknown", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.009000000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2022-27943", @@ -4817,8 +4843,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -4878,8 +4904,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -4986,8 +5012,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5047,8 +5073,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5123,8 +5149,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5184,8 +5210,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5288,8 +5314,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5349,8 +5375,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5448,8 +5474,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5509,8 +5535,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5608,8 +5634,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3327, - "date": "2026-01-21" + "percentile": 0.33166, + "date": "2026-01-26" } ], "cwes": [ @@ -5670,8 +5696,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3327, - "date": "2026-01-21" + "percentile": 0.33166, + "date": "2026-01-26" } ], "cwes": [ @@ -5765,8 +5791,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5832,8 +5858,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5914,8 +5940,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5981,8 +6007,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -6059,8 +6085,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32014, - "date": "2026-01-21" + "percentile": 0.3191, + "date": "2026-01-26" } ], "cwes": [ @@ -6119,8 +6145,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32014, - "date": "2026-01-21" + "percentile": 0.3191, + "date": "2026-01-26" } ], "cwes": [ @@ -6204,8 +6230,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6254,8 +6280,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6330,8 +6356,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6380,8 +6406,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6452,8 +6478,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6502,8 +6528,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6578,8 +6604,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6628,8 +6654,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6700,8 +6726,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6748,8 +6774,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6833,8 +6859,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6881,8 +6907,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6957,8 +6983,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7005,8 +7031,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7086,8 +7112,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7134,8 +7160,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7210,8 +7236,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00049, - "percentile": 0.15464, - "date": "2026-01-21" + "percentile": 0.15349, + "date": "2026-01-26" } ], "cwes": [ @@ -7260,8 +7286,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00049, - "percentile": 0.15464, - "date": "2026-01-21" + "percentile": 0.15349, + "date": "2026-01-26" } ], "cwes": [ @@ -7336,8 +7362,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00046, - "percentile": 0.14014, - "date": "2026-01-21" + "percentile": 0.13923, + "date": "2026-01-26" } ], "cwes": [ @@ -7384,8 +7410,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00046, - "percentile": 0.14014, - "date": "2026-01-21" + "percentile": 0.13923, + "date": "2026-01-26" } ], "cwes": [ @@ -7481,8 +7507,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7548,8 +7574,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7630,8 +7656,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7697,8 +7723,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7775,8 +7801,8 @@ { "cve": "CVE-2025-15079", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -7825,8 +7851,8 @@ { "cve": "CVE-2025-15079", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -7901,8 +7927,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ @@ -7956,8 +7982,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ @@ -8047,8 +8073,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00015, - "percentile": 0.02254, - "date": "2026-01-21" + "percentile": 0.02272, + "date": "2026-01-26" } ], "fix": { @@ -8089,8 +8115,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00015, - "percentile": 0.02254, - "date": "2026-01-21" + "percentile": 0.02272, + "date": "2026-01-26" } ] } @@ -8157,8 +8183,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -8198,8 +8224,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -8258,9 +8284,30 @@ "id": "CVE-2025-9820", "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:12", - "severity": "Unknown", + "severity": "Medium", "urls": [], - "cvss": [], + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], "fix": { "versions": [], "state": "wont-fix" @@ -8271,11 +8318,40 @@ "relatedVulnerabilities": [ { "id": "CVE-2025-9820", - "dataSource": "nvd", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] } ], "matchDetails": [ @@ -8476,7 +8552,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -8590,6 +8666,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -8639,91 +8725,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/oss/grype-4.1.2.md b/docs/security/oss/grype-4.1.2.md index 630b83f..04e9e16 100644 --- a/docs/security/oss/grype-4.1.2.md +++ b/docs/security/oss/grype-4.1.2.md @@ -7,6 +7,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | @@ -15,6 +16,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | fluent-bit | 4.1.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | | fluent-bit | 4.1.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | @@ -63,5 +65,3 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Unknown | -| libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Unknown | diff --git a/docs/security/oss/grype-4.2.0.json b/docs/security/oss/grype-4.2.0.json index a6e2e36..226d23b 100644 --- a/docs/security/oss/grype-4.2.0.json +++ b/docs/security/oss/grype-4.2.0.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -35,7 +35,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -47,7 +47,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80481, - "date": "2026-01-21" + "percentile": 0.80516, + "date": "2026-01-26" } ], "cwes": [ @@ -114,7 +114,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" }, { "cve": "CVE-2023-2953", @@ -126,7 +126,7 @@ "cve": "CVE-2023-2953", "cwe": "CWE-476", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Primary" + "type": "Secondary" } ] } @@ -201,9 +201,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04129, - "percentile": 0.88317, - "date": "2026-01-21" + "epss": 0.04238, + "percentile": 0.88476, + "date": "2026-01-26" } ], "cwes": [ @@ -219,7 +219,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20645 + "risk": 0.21190000000000003 }, "relatedVulnerabilities": [ { @@ -336,9 +336,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04129, - "percentile": 0.88317, - "date": "2026-01-21" + "epss": 0.04238, + "percentile": 0.88476, + "date": "2026-01-26" } ], "cwes": [ @@ -413,8 +413,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86035, - "date": "2026-01-21" + "percentile": 0.86054, + "date": "2026-01-26" } ], "fix": { @@ -467,8 +467,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86035, - "date": "2026-01-21" + "percentile": 0.86054, + "date": "2026-01-26" } ] } @@ -544,8 +544,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81534, - "date": "2026-01-21" + "percentile": 0.81568, + "date": "2026-01-26" } ], "cwes": [ @@ -607,8 +607,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81534, - "date": "2026-01-21" + "percentile": 0.81568, + "date": "2026-01-26" } ], "cwes": [ @@ -692,8 +692,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80651, - "date": "2026-01-21" + "percentile": 0.80688, + "date": "2026-01-26" } ], "cwes": [ @@ -755,8 +755,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80651, - "date": "2026-01-21" + "percentile": 0.80688, + "date": "2026-01-26" } ], "cwes": [ @@ -850,8 +850,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -910,8 +910,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -995,8 +995,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1055,8 +1055,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1131,8 +1131,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1191,8 +1191,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1272,8 +1272,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1332,8 +1332,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1408,8 +1408,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78815, - "date": "2026-01-21" + "percentile": 0.78852, + "date": "2026-01-26" } ], "cwes": [ @@ -1471,8 +1471,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78815, - "date": "2026-01-21" + "percentile": 0.78852, + "date": "2026-01-26" } ], "cwes": [ @@ -1579,8 +1579,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00095, - "percentile": 0.26874, - "date": "2026-01-21" + "percentile": 0.2676, + "date": "2026-01-26" } ], "fix": { @@ -1623,8 +1623,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00095, - "percentile": 0.26874, - "date": "2026-01-21" + "percentile": 0.2676, + "date": "2026-01-26" } ] } @@ -1691,8 +1691,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75235, - "date": "2026-01-21" + "percentile": 0.75256, + "date": "2026-01-26" } ], "cwes": [ @@ -1745,8 +1745,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75235, - "date": "2026-01-21" + "percentile": 0.75256, + "date": "2026-01-26" } ], "cwes": [ @@ -1821,8 +1821,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74218, - "date": "2026-01-21" + "percentile": 0.74244, + "date": "2026-01-26" } ], "cwes": [ @@ -1881,8 +1881,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74218, - "date": "2026-01-21" + "percentile": 0.74244, + "date": "2026-01-26" } ], "cwes": [ @@ -1989,8 +1989,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -2031,8 +2031,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -2113,8 +2113,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22662, - "date": "2026-01-21" + "percentile": 0.22562, + "date": "2026-01-26" } ], "cwes": [ @@ -2169,8 +2169,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22662, - "date": "2026-01-21" + "percentile": 0.22562, + "date": "2026-01-26" } ], "cwes": [ @@ -2235,6 +2235,162 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.03899999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2018-6829", @@ -2248,8 +2404,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00662, - "percentile": 0.70606, - "date": "2026-01-21" + "percentile": 0.70627, + "date": "2026-01-26" } ], "cwes": [ @@ -2310,8 +2466,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00662, - "percentile": 0.70606, - "date": "2026-01-21" + "percentile": 0.70627, + "date": "2026-01-26" } ], "cwes": [ @@ -2382,8 +2538,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70163, - "date": "2026-01-21" + "percentile": 0.70177, + "date": "2026-01-26" } ], "cwes": [ @@ -2446,8 +2602,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70163, - "date": "2026-01-21" + "percentile": 0.70177, + "date": "2026-01-26" } ], "cwes": [ @@ -2554,8 +2710,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ @@ -2602,8 +2758,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ @@ -2710,8 +2866,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20603, - "date": "2026-01-21" + "percentile": 0.20512, + "date": "2026-01-26" } ], "cwes": [ @@ -2766,8 +2922,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20603, - "date": "2026-01-21" + "percentile": 0.20512, + "date": "2026-01-26" } ], "cwes": [ @@ -2845,8 +3001,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00371, - "percentile": 0.5837, - "date": "2026-01-21" + "percentile": 0.58366, + "date": "2026-01-26" } ], "cwes": [ @@ -2897,8 +3053,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00371, - "percentile": 0.5837, - "date": "2026-01-21" + "percentile": 0.58366, + "date": "2026-01-26" } ], "cwes": [ @@ -3005,8 +3161,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00036, - "percentile": 0.10333, - "date": "2026-01-21" + "percentile": 0.10383, + "date": "2026-01-26" } ], "cwes": [ @@ -3054,8 +3210,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00036, - "percentile": 0.10333, - "date": "2026-01-21" + "percentile": 0.10383, + "date": "2026-01-26" } ], "cwes": [ @@ -3130,8 +3286,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54021, - "date": "2026-01-21" + "percentile": 0.54016, + "date": "2026-01-26" } ], "fix": { @@ -3197,8 +3353,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54021, - "date": "2026-01-21" + "percentile": 0.54016, + "date": "2026-01-26" } ] } @@ -3298,9 +3454,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ @@ -3316,7 +3472,7 @@ "state": "" }, "advisories": [], - "risk": 0.0147 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3392,8 +3548,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ @@ -3441,8 +3597,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ @@ -3536,8 +3692,8 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44576, - "date": "2026-01-21" + "percentile": 0.44546, + "date": "2026-01-26" } ], "cwes": [ @@ -3588,8 +3744,8 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44576, - "date": "2026-01-21" + "percentile": 0.44546, + "date": "2026-01-26" } ], "cwes": [ @@ -3673,8 +3829,8 @@ { "cve": "CVE-2025-14524", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -3723,8 +3879,8 @@ { "cve": "CVE-2025-14524", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -3799,8 +3955,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43979, - "date": "2026-01-21" + "percentile": 0.43945, + "date": "2026-01-26" } ], "cwes": [ @@ -3864,8 +4020,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43979, - "date": "2026-01-21" + "percentile": 0.43945, + "date": "2026-01-26" } ], "cwes": [ @@ -3964,8 +4120,8 @@ { "cve": "CVE-2025-29477", "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ @@ -4044,8 +4200,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4092,8 +4248,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4177,8 +4333,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4225,8 +4381,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4301,8 +4457,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4349,8 +4505,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4430,8 +4586,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4478,8 +4634,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4554,8 +4710,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42572, - "date": "2026-01-21" + "percentile": 0.42538, + "date": "2026-01-26" } ], "cwes": [ @@ -4611,8 +4767,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42572, - "date": "2026-01-21" + "percentile": 0.42538, + "date": "2026-01-26" } ], "cwes": [ @@ -4674,136 +4830,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:12", - "severity": "Unknown", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.009000000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2022-27943", @@ -4817,8 +4843,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -4878,8 +4904,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -4986,8 +5012,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5047,8 +5073,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5123,8 +5149,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5184,8 +5210,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5288,8 +5314,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5349,8 +5375,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5448,8 +5474,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5509,8 +5535,8 @@ { "cve": "CVE-2022-27943", "epss": 0.00155, - "percentile": 0.36663, - "date": "2026-01-21" + "percentile": 0.3659, + "date": "2026-01-26" } ], "cwes": [ @@ -5608,8 +5634,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3327, - "date": "2026-01-21" + "percentile": 0.33166, + "date": "2026-01-26" } ], "cwes": [ @@ -5670,8 +5696,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3327, - "date": "2026-01-21" + "percentile": 0.33166, + "date": "2026-01-26" } ], "cwes": [ @@ -5765,8 +5791,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5832,8 +5858,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5914,8 +5940,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5981,8 +6007,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -6059,8 +6085,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32014, - "date": "2026-01-21" + "percentile": 0.3191, + "date": "2026-01-26" } ], "cwes": [ @@ -6119,8 +6145,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32014, - "date": "2026-01-21" + "percentile": 0.3191, + "date": "2026-01-26" } ], "cwes": [ @@ -6204,8 +6230,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6254,8 +6280,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6330,8 +6356,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6380,8 +6406,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -6452,8 +6478,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6502,8 +6528,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6578,8 +6604,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6628,8 +6654,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -6700,8 +6726,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6748,8 +6774,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6833,8 +6859,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6881,8 +6907,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6957,8 +6983,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7005,8 +7031,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7086,8 +7112,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7134,8 +7160,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -7210,8 +7236,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00049, - "percentile": 0.15464, - "date": "2026-01-21" + "percentile": 0.15349, + "date": "2026-01-26" } ], "cwes": [ @@ -7260,8 +7286,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00049, - "percentile": 0.15464, - "date": "2026-01-21" + "percentile": 0.15349, + "date": "2026-01-26" } ], "cwes": [ @@ -7336,8 +7362,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00046, - "percentile": 0.14014, - "date": "2026-01-21" + "percentile": 0.13923, + "date": "2026-01-26" } ], "cwes": [ @@ -7384,8 +7410,8 @@ { "cve": "CVE-2025-27587", "epss": 0.00046, - "percentile": 0.14014, - "date": "2026-01-21" + "percentile": 0.13923, + "date": "2026-01-26" } ], "cwes": [ @@ -7481,8 +7507,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7548,8 +7574,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7630,8 +7656,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7697,8 +7723,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -7775,8 +7801,8 @@ { "cve": "CVE-2025-15079", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -7825,8 +7851,8 @@ { "cve": "CVE-2025-15079", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -7901,8 +7927,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ @@ -7956,8 +7982,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ @@ -8047,8 +8073,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00015, - "percentile": 0.02254, - "date": "2026-01-21" + "percentile": 0.02272, + "date": "2026-01-26" } ], "fix": { @@ -8089,8 +8115,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00015, - "percentile": 0.02254, - "date": "2026-01-21" + "percentile": 0.02272, + "date": "2026-01-26" } ] } @@ -8157,8 +8183,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -8198,8 +8224,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -8258,9 +8284,30 @@ "id": "CVE-2025-9820", "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:12", - "severity": "Unknown", + "severity": "Medium", "urls": [], - "cvss": [], + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], "fix": { "versions": [], "state": "wont-fix" @@ -8271,11 +8318,40 @@ "relatedVulnerabilities": [ { "id": "CVE-2025-9820", - "dataSource": "nvd", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] } ], "matchDetails": [ @@ -8476,7 +8552,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -8590,6 +8666,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -8639,91 +8725,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/oss/grype-4.2.0.md b/docs/security/oss/grype-4.2.0.md index 3ff6a2d..f1c9590 100644 --- a/docs/security/oss/grype-4.2.0.md +++ b/docs/security/oss/grype-4.2.0.md @@ -7,6 +7,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | | libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | @@ -15,6 +16,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | fluent-bit | 4.2.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | | fluent-bit | 4.2.0 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | +| libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | @@ -63,5 +65,3 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Unknown | -| libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Unknown | diff --git a/docs/security/oss/grype-4.2.1.json b/docs/security/oss/grype-4.2.1.json index 3a24311..27322be 100644 --- a/docs/security/oss/grype-4.2.1.json +++ b/docs/security/oss/grype-4.2.1.json @@ -12,9 +12,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04129, - "percentile": 0.88317, - "date": "2026-01-21" + "epss": 0.04238, + "percentile": 0.88476, + "date": "2026-01-26" } ], "cwes": [ @@ -30,7 +30,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20645 + "risk": 0.21190000000000003 }, "relatedVulnerabilities": [ { @@ -147,9 +147,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04129, - "percentile": 0.88317, - "date": "2026-01-21" + "epss": 0.04238, + "percentile": 0.88476, + "date": "2026-01-26" } ], "cwes": [ @@ -224,8 +224,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86035, - "date": "2026-01-21" + "percentile": 0.86054, + "date": "2026-01-26" } ], "fix": { @@ -278,8 +278,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86035, - "date": "2026-01-21" + "percentile": 0.86054, + "date": "2026-01-26" } ] } @@ -346,8 +346,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81534, - "date": "2026-01-21" + "percentile": 0.81568, + "date": "2026-01-26" } ], "cwes": [ @@ -409,8 +409,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81534, - "date": "2026-01-21" + "percentile": 0.81568, + "date": "2026-01-26" } ], "cwes": [ @@ -485,8 +485,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80651, - "date": "2026-01-21" + "percentile": 0.80688, + "date": "2026-01-26" } ], "cwes": [ @@ -548,8 +548,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80651, - "date": "2026-01-21" + "percentile": 0.80688, + "date": "2026-01-26" } ], "cwes": [ @@ -673,8 +673,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -733,8 +733,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -818,8 +818,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -878,8 +878,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -954,8 +954,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1014,8 +1014,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1095,8 +1095,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1155,8 +1155,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1231,8 +1231,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78815, - "date": "2026-01-21" + "percentile": 0.78852, + "date": "2026-01-26" } ], "cwes": [ @@ -1294,8 +1294,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78815, - "date": "2026-01-21" + "percentile": 0.78852, + "date": "2026-01-26" } ], "cwes": [ @@ -1419,8 +1419,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74218, - "date": "2026-01-21" + "percentile": 0.74244, + "date": "2026-01-26" } ], "cwes": [ @@ -1479,8 +1479,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74218, - "date": "2026-01-21" + "percentile": 0.74244, + "date": "2026-01-26" } ], "cwes": [ @@ -1617,8 +1617,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -1659,8 +1659,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -1741,8 +1741,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22662, - "date": "2026-01-21" + "percentile": 0.22562, + "date": "2026-01-26" } ], "cwes": [ @@ -1797,8 +1797,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22662, - "date": "2026-01-21" + "percentile": 0.22562, + "date": "2026-01-26" } ], "cwes": [ @@ -1863,6 +1863,192 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.03899999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2018-6829", @@ -1876,8 +2062,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00662, - "percentile": 0.70606, - "date": "2026-01-21" + "percentile": 0.70627, + "date": "2026-01-26" } ], "cwes": [ @@ -1938,8 +2124,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00662, - "percentile": 0.70606, - "date": "2026-01-21" + "percentile": 0.70627, + "date": "2026-01-26" } ], "cwes": [ @@ -2010,8 +2196,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70163, - "date": "2026-01-21" + "percentile": 0.70177, + "date": "2026-01-26" } ], "cwes": [ @@ -2074,8 +2260,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70163, - "date": "2026-01-21" + "percentile": 0.70177, + "date": "2026-01-26" } ], "cwes": [ @@ -2212,8 +2398,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ @@ -2260,8 +2446,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ @@ -2398,8 +2584,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20603, - "date": "2026-01-21" + "percentile": 0.20512, + "date": "2026-01-26" } ], "cwes": [ @@ -2454,8 +2640,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20603, - "date": "2026-01-21" + "percentile": 0.20512, + "date": "2026-01-26" } ], "cwes": [ @@ -2533,8 +2719,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00371, - "percentile": 0.5837, - "date": "2026-01-21" + "percentile": 0.58366, + "date": "2026-01-26" } ], "cwes": [ @@ -2585,8 +2771,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00371, - "percentile": 0.5837, - "date": "2026-01-21" + "percentile": 0.58366, + "date": "2026-01-26" } ], "cwes": [ @@ -2723,8 +2909,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00036, - "percentile": 0.10333, - "date": "2026-01-21" + "percentile": 0.10383, + "date": "2026-01-26" } ], "cwes": [ @@ -2772,8 +2958,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00036, - "percentile": 0.10333, - "date": "2026-01-21" + "percentile": 0.10383, + "date": "2026-01-26" } ], "cwes": [ @@ -2848,8 +3034,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54021, - "date": "2026-01-21" + "percentile": 0.54016, + "date": "2026-01-26" } ], "fix": { @@ -2915,8 +3101,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54021, - "date": "2026-01-21" + "percentile": 0.54016, + "date": "2026-01-26" } ] } @@ -3046,9 +3232,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ @@ -3064,7 +3250,7 @@ "state": "" }, "advisories": [], - "risk": 0.0147 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3140,8 +3326,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ @@ -3189,8 +3375,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ @@ -3314,8 +3500,8 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44576, - "date": "2026-01-21" + "percentile": 0.44546, + "date": "2026-01-26" } ], "cwes": [ @@ -3366,8 +3552,8 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44576, - "date": "2026-01-21" + "percentile": 0.44546, + "date": "2026-01-26" } ], "cwes": [ @@ -3451,8 +3637,8 @@ { "cve": "CVE-2025-14524", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -3501,8 +3687,8 @@ { "cve": "CVE-2025-14524", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -3577,8 +3763,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43979, - "date": "2026-01-21" + "percentile": 0.43945, + "date": "2026-01-26" } ], "cwes": [ @@ -3642,8 +3828,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43979, - "date": "2026-01-21" + "percentile": 0.43945, + "date": "2026-01-26" } ], "cwes": [ @@ -3733,8 +3919,8 @@ { "cve": "CVE-2025-29477", "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ @@ -3826,8 +4012,8 @@ { "cve": "CVE-2025-13034", "epss": 0.00019, - "percentile": 0.04145, - "date": "2026-01-21" + "percentile": 0.04223, + "date": "2026-01-26" } ], "cwes": [ @@ -3874,8 +4060,8 @@ { "cve": "CVE-2025-13034", "epss": 0.00019, - "percentile": 0.04145, - "date": "2026-01-21" + "percentile": 0.04223, + "date": "2026-01-26" } ], "cwes": [ @@ -3950,8 +4136,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -3998,8 +4184,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4083,8 +4269,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4131,8 +4317,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4207,8 +4393,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4255,8 +4441,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4336,8 +4522,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4384,8 +4570,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4447,166 +4633,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:13", - "severity": "Unknown", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.009000000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "glibc", - "version": "2.41-12" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2019-1010022", @@ -4620,8 +4646,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3327, - "date": "2026-01-21" + "percentile": 0.33166, + "date": "2026-01-26" } ], "cwes": [ @@ -4682,8 +4708,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3327, - "date": "2026-01-21" + "percentile": 0.33166, + "date": "2026-01-26" } ], "cwes": [ @@ -4807,8 +4833,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -4874,8 +4900,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -4956,8 +4982,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5023,8 +5049,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5101,8 +5127,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32014, - "date": "2026-01-21" + "percentile": 0.3191, + "date": "2026-01-26" } ], "cwes": [ @@ -5161,8 +5187,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32014, - "date": "2026-01-21" + "percentile": 0.3191, + "date": "2026-01-26" } ], "cwes": [ @@ -5237,8 +5263,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -5287,8 +5313,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -5363,8 +5389,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -5413,8 +5439,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -5485,8 +5511,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -5535,8 +5561,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -5611,8 +5637,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -5661,8 +5687,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -5733,8 +5759,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -5781,8 +5807,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -5866,8 +5892,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -5914,8 +5940,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -5990,8 +6016,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6038,8 +6064,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6119,8 +6145,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6167,8 +6193,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6243,8 +6269,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00049, - "percentile": 0.15464, - "date": "2026-01-21" + "percentile": 0.15349, + "date": "2026-01-26" } ], "cwes": [ @@ -6293,8 +6319,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00049, - "percentile": 0.15464, - "date": "2026-01-21" + "percentile": 0.15349, + "date": "2026-01-26" } ], "cwes": [ @@ -6369,8 +6395,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -6436,8 +6462,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -6518,8 +6544,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -6585,8 +6611,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -6663,8 +6689,8 @@ { "cve": "CVE-2025-15079", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -6713,8 +6739,8 @@ { "cve": "CVE-2025-15079", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -6789,8 +6815,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ @@ -6844,8 +6870,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ @@ -6926,8 +6952,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00015, - "percentile": 0.02254, - "date": "2026-01-21" + "percentile": 0.02272, + "date": "2026-01-26" } ], "fix": { @@ -6968,8 +6994,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00015, - "percentile": 0.02254, - "date": "2026-01-21" + "percentile": 0.02272, + "date": "2026-01-26" } ] } @@ -7036,8 +7062,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -7077,8 +7103,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -7137,9 +7163,30 @@ "id": "CVE-2025-9820", "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:13", - "severity": "Unknown", + "severity": "Medium", "urls": [], - "cvss": [], + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], "fix": { "versions": [ "3.8.9-3+deb13u1" @@ -7159,11 +7206,40 @@ "relatedVulnerabilities": [ { "id": "CVE-2025-9820", - "dataSource": "nvd", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] } ], "matchDetails": [ @@ -7377,7 +7453,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -7491,6 +7567,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -7540,91 +7626,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/oss/grype-4.2.1.md b/docs/security/oss/grype-4.2.1.md index 05c4e09..3fdc67b 100644 --- a/docs/security/oss/grype-4.2.1.md +++ b/docs/security/oss/grype-4.2.1.md @@ -6,6 +6,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libtasn1-6 | 4.20.0-2 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libc6 | 2.41-12 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.41-12 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.41-12 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | @@ -14,6 +15,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | | fluent-bit | 4.2.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-13034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13034) | Medium | +| libgnutls30t64 | 3.8.9-3 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30t64 | 3.8.9-3 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | @@ -54,5 +56,3 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap2 | 2.6.10+dfsg-1 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | -| libc6 | 2.41-12 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Unknown | -| libgnutls30t64 | 3.8.9-3 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Unknown | diff --git a/docs/security/oss/grype-4.2.2.json b/docs/security/oss/grype-4.2.2.json index 742e9d3..e3acc51 100644 --- a/docs/security/oss/grype-4.2.2.json +++ b/docs/security/oss/grype-4.2.2.json @@ -12,9 +12,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04129, - "percentile": 0.88317, - "date": "2026-01-21" + "epss": 0.04238, + "percentile": 0.88476, + "date": "2026-01-26" } ], "cwes": [ @@ -30,7 +30,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.20645 + "risk": 0.21190000000000003 }, "relatedVulnerabilities": [ { @@ -147,9 +147,9 @@ "epss": [ { "cve": "CVE-2011-3389", - "epss": 0.04129, - "percentile": 0.88317, - "date": "2026-01-21" + "epss": 0.04238, + "percentile": 0.88476, + "date": "2026-01-26" } ], "cwes": [ @@ -224,8 +224,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86035, - "date": "2026-01-21" + "percentile": 0.86054, + "date": "2026-01-26" } ], "fix": { @@ -278,8 +278,8 @@ { "cve": "CVE-2015-3276", "epss": 0.02938, - "percentile": 0.86035, - "date": "2026-01-21" + "percentile": 0.86054, + "date": "2026-01-26" } ] } @@ -346,8 +346,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81534, - "date": "2026-01-21" + "percentile": 0.81568, + "date": "2026-01-26" } ], "cwes": [ @@ -409,8 +409,8 @@ { "cve": "CVE-2017-17740", "epss": 0.01643, - "percentile": 0.81534, - "date": "2026-01-21" + "percentile": 0.81568, + "date": "2026-01-26" } ], "cwes": [ @@ -485,8 +485,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80651, - "date": "2026-01-21" + "percentile": 0.80688, + "date": "2026-01-26" } ], "cwes": [ @@ -548,8 +548,8 @@ { "cve": "CVE-2018-20796", "epss": 0.01492, - "percentile": 0.80651, - "date": "2026-01-21" + "percentile": 0.80688, + "date": "2026-01-26" } ], "cwes": [ @@ -673,8 +673,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -733,8 +733,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -818,8 +818,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -878,8 +878,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -954,8 +954,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1014,8 +1014,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1095,8 +1095,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1155,8 +1155,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80612, - "date": "2026-01-21" + "percentile": 0.80649, + "date": "2026-01-26" } ], "cwes": [ @@ -1231,8 +1231,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78815, - "date": "2026-01-21" + "percentile": 0.78852, + "date": "2026-01-26" } ], "cwes": [ @@ -1294,8 +1294,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.01239, - "percentile": 0.78815, - "date": "2026-01-21" + "percentile": 0.78852, + "date": "2026-01-26" } ], "cwes": [ @@ -1419,8 +1419,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74218, - "date": "2026-01-21" + "percentile": 0.74244, + "date": "2026-01-26" } ], "cwes": [ @@ -1479,8 +1479,8 @@ { "cve": "CVE-2019-9192", "epss": 0.00841, - "percentile": 0.74218, - "date": "2026-01-21" + "percentile": 0.74244, + "date": "2026-01-26" } ], "cwes": [ @@ -1617,8 +1617,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ], "fix": { @@ -1659,8 +1659,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00055, - "percentile": 0.17269, - "date": "2026-01-21" + "percentile": 0.17164, + "date": "2026-01-26" } ] } @@ -1741,8 +1741,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22662, - "date": "2026-01-21" + "percentile": 0.22562, + "date": "2026-01-26" } ], "cwes": [ @@ -1797,8 +1797,8 @@ { "cve": "CVE-2025-12818", "epss": 0.00074, - "percentile": 0.22662, - "date": "2026-01-21" + "percentile": 0.22562, + "date": "2026-01-26" } ], "cwes": [ @@ -1863,6 +1863,192 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", + "namespace": "debian:distro:debian:13", + "severity": "High", + "urls": [], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.03899999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" + ], + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-15281", + "epss": 0.00052, + "percentile": 0.16409, + "date": "2026-01-26" + } + ], + "cwes": [ + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, { "vulnerability": { "id": "CVE-2018-6829", @@ -1876,8 +2062,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00662, - "percentile": 0.70606, - "date": "2026-01-21" + "percentile": 0.70627, + "date": "2026-01-26" } ], "cwes": [ @@ -1938,8 +2124,8 @@ { "cve": "CVE-2018-6829", "epss": 0.00662, - "percentile": 0.70606, - "date": "2026-01-21" + "percentile": 0.70627, + "date": "2026-01-26" } ], "cwes": [ @@ -2010,8 +2196,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70163, - "date": "2026-01-21" + "percentile": 0.70177, + "date": "2026-01-26" } ], "cwes": [ @@ -2074,8 +2260,8 @@ { "cve": "CVE-2019-1010024", "epss": 0.00646, - "percentile": 0.70163, - "date": "2026-01-21" + "percentile": 0.70177, + "date": "2026-01-26" } ], "cwes": [ @@ -2212,8 +2398,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ @@ -2260,8 +2446,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00041, - "percentile": 0.12144, - "date": "2026-01-21" + "percentile": 0.12162, + "date": "2026-01-26" } ], "cwes": [ @@ -2398,8 +2584,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20603, - "date": "2026-01-21" + "percentile": 0.20512, + "date": "2026-01-26" } ], "cwes": [ @@ -2454,8 +2640,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20603, - "date": "2026-01-21" + "percentile": 0.20512, + "date": "2026-01-26" } ], "cwes": [ @@ -2533,8 +2719,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00371, - "percentile": 0.5837, - "date": "2026-01-21" + "percentile": 0.58366, + "date": "2026-01-26" } ], "cwes": [ @@ -2585,8 +2771,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00371, - "percentile": 0.5837, - "date": "2026-01-21" + "percentile": 0.58366, + "date": "2026-01-26" } ], "cwes": [ @@ -2723,8 +2909,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00036, - "percentile": 0.10333, - "date": "2026-01-21" + "percentile": 0.10383, + "date": "2026-01-26" } ], "cwes": [ @@ -2772,8 +2958,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00036, - "percentile": 0.10333, - "date": "2026-01-21" + "percentile": 0.10383, + "date": "2026-01-26" } ], "cwes": [ @@ -2848,8 +3034,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54021, - "date": "2026-01-21" + "percentile": 0.54016, + "date": "2026-01-26" } ], "fix": { @@ -2915,8 +3101,8 @@ { "cve": "CVE-2019-1010023", "epss": 0.00313, - "percentile": 0.54021, - "date": "2026-01-21" + "percentile": 0.54016, + "date": "2026-01-26" } ] } @@ -3046,9 +3232,9 @@ "epss": [ { "cve": "CVE-2025-29478", - "epss": 0.00028, - "percentile": 0.07474, - "date": "2026-01-21" + "epss": 0.00026, + "percentile": 0.06791, + "date": "2026-01-26" } ], "cwes": [ @@ -3064,7 +3250,7 @@ "state": "" }, "advisories": [], - "risk": 0.0147 + "risk": 0.013649999999999999 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3140,8 +3326,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ @@ -3189,8 +3375,8 @@ { "cve": "CVE-2026-0861", "epss": 0.00016, - "percentile": 0.02534, - "date": "2026-01-21" + "percentile": 0.02554, + "date": "2026-01-26" } ], "cwes": [ @@ -3314,8 +3500,8 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44576, - "date": "2026-01-21" + "percentile": 0.44546, + "date": "2026-01-26" } ], "cwes": [ @@ -3366,8 +3552,8 @@ { "cve": "CVE-2024-2236", "epss": 0.00222, - "percentile": 0.44576, - "date": "2026-01-21" + "percentile": 0.44546, + "date": "2026-01-26" } ], "cwes": [ @@ -3451,8 +3637,8 @@ { "cve": "CVE-2025-14524", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -3501,8 +3687,8 @@ { "cve": "CVE-2025-14524", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -3577,8 +3763,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43979, - "date": "2026-01-21" + "percentile": 0.43945, + "date": "2026-01-26" } ], "cwes": [ @@ -3642,8 +3828,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43979, - "date": "2026-01-21" + "percentile": 0.43945, + "date": "2026-01-26" } ], "cwes": [ @@ -3733,8 +3919,8 @@ { "cve": "CVE-2025-29477", "epss": 0.0002, - "percentile": 0.04323, - "date": "2026-01-21" + "percentile": 0.04388, + "date": "2026-01-26" } ], "cwes": [ @@ -3826,8 +4012,8 @@ { "cve": "CVE-2025-13034", "epss": 0.00019, - "percentile": 0.04145, - "date": "2026-01-21" + "percentile": 0.04223, + "date": "2026-01-26" } ], "cwes": [ @@ -3874,8 +4060,8 @@ { "cve": "CVE-2025-13034", "epss": 0.00019, - "percentile": 0.04145, - "date": "2026-01-21" + "percentile": 0.04223, + "date": "2026-01-26" } ], "cwes": [ @@ -3950,8 +4136,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -3998,8 +4184,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4083,8 +4269,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4131,8 +4317,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4207,8 +4393,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4255,8 +4441,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4336,8 +4522,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4384,8 +4570,8 @@ { "cve": "CVE-2024-26458", "epss": 0.00206, - "percentile": 0.42892, - "date": "2026-01-21" + "percentile": 0.42858, + "date": "2026-01-26" } ], "cwes": [ @@ -4447,166 +4633,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:13", - "severity": "Unknown", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.009000000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00018, - "percentile": 0.03847, - "date": "2026-01-21" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "glibc", - "version": "2.41-12" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, { "vulnerability": { "id": "CVE-2019-1010022", @@ -4620,8 +4646,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3327, - "date": "2026-01-21" + "percentile": 0.33166, + "date": "2026-01-26" } ], "cwes": [ @@ -4682,8 +4708,8 @@ { "cve": "CVE-2019-1010022", "epss": 0.00131, - "percentile": 0.3327, - "date": "2026-01-21" + "percentile": 0.33166, + "date": "2026-01-26" } ], "cwes": [ @@ -4807,8 +4833,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -4874,8 +4900,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -4956,8 +4982,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5023,8 +5049,8 @@ { "cve": "CVE-2023-31437", "epss": 0.00128, - "percentile": 0.32735, - "date": "2026-01-21" + "percentile": 0.32621, + "date": "2026-01-26" } ], "cwes": [ @@ -5101,8 +5127,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32014, - "date": "2026-01-21" + "percentile": 0.3191, + "date": "2026-01-26" } ], "cwes": [ @@ -5161,8 +5187,8 @@ { "cve": "CVE-2017-14159", "epss": 0.00123, - "percentile": 0.32014, - "date": "2026-01-21" + "percentile": 0.3191, + "date": "2026-01-26" } ], "cwes": [ @@ -5237,8 +5263,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -5287,8 +5313,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -5363,8 +5389,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -5413,8 +5439,8 @@ { "cve": "CVE-2023-31438", "epss": 0.001, - "percentile": 0.28305, - "date": "2026-01-21" + "percentile": 0.28173, + "date": "2026-01-26" } ], "cwes": [ @@ -5485,8 +5511,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -5535,8 +5561,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -5611,8 +5637,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -5661,8 +5687,8 @@ { "cve": "CVE-2023-31439", "epss": 0.00094, - "percentile": 0.26739, - "date": "2026-01-21" + "percentile": 0.26624, + "date": "2026-01-26" } ], "cwes": [ @@ -5733,8 +5759,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -5781,8 +5807,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -5866,8 +5892,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -5914,8 +5940,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -5990,8 +6016,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6038,8 +6064,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6119,8 +6145,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6167,8 +6193,8 @@ { "cve": "CVE-2024-26461", "epss": 0.00062, - "percentile": 0.19491, - "date": "2026-01-21" + "percentile": 0.19383, + "date": "2026-01-26" } ], "cwes": [ @@ -6243,8 +6269,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00049, - "percentile": 0.15464, - "date": "2026-01-21" + "percentile": 0.15349, + "date": "2026-01-26" } ], "cwes": [ @@ -6293,8 +6319,8 @@ { "cve": "CVE-2025-15224", "epss": 0.00049, - "percentile": 0.15464, - "date": "2026-01-21" + "percentile": 0.15349, + "date": "2026-01-26" } ], "cwes": [ @@ -6369,8 +6395,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -6436,8 +6462,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -6518,8 +6544,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -6585,8 +6611,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12562, - "date": "2026-01-21" + "percentile": 0.12551, + "date": "2026-01-26" } ], "cwes": [ @@ -6663,8 +6689,8 @@ { "cve": "CVE-2025-15079", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -6713,8 +6739,8 @@ { "cve": "CVE-2025-15079", "epss": 0.00021, - "percentile": 0.04516, - "date": "2026-01-21" + "percentile": 0.04574, + "date": "2026-01-26" } ], "cwes": [ @@ -6789,8 +6815,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ @@ -6844,8 +6870,8 @@ { "cve": "CVE-2026-22185", "epss": 0.00018, - "percentile": 0.03771, - "date": "2026-01-21" + "percentile": 0.03832, + "date": "2026-01-26" } ], "cwes": [ @@ -6926,8 +6952,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00015, - "percentile": 0.02254, - "date": "2026-01-21" + "percentile": 0.02272, + "date": "2026-01-26" } ], "fix": { @@ -6968,8 +6994,8 @@ { "cve": "CVE-2025-10966", "epss": 0.00015, - "percentile": 0.02254, - "date": "2026-01-21" + "percentile": 0.02272, + "date": "2026-01-26" } ] } @@ -7036,8 +7062,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ], "fix": { @@ -7077,8 +7103,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00351, - "date": "2026-01-21" + "percentile": 0.00357, + "date": "2026-01-26" } ] } @@ -7137,9 +7163,30 @@ "id": "CVE-2025-9820", "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:13", - "severity": "Unknown", + "severity": "Medium", "urls": [], - "cvss": [], + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], "fix": { "versions": [ "3.8.9-3+deb13u1" @@ -7159,11 +7206,40 @@ "relatedVulnerabilities": [ { "id": "CVE-2025-9820", - "dataSource": "nvd", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", - "severity": "Unknown", - "urls": [], - "cvss": [] + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" + ], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "cwes": [ + { + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] } ], "matchDetails": [ @@ -7377,7 +7453,7 @@ }, "descriptor": { "name": "grype", - "version": "0.105.0", + "version": "0.106.0", "configuration": { "output": [ "json" @@ -7491,6 +7567,16 @@ }, "stock": { "using-cpes": true + }, + "dpkg": { + "using-cpes": false, + "missing-epoch-strategy": "zero", + "use-cpes-for-eol": false + }, + "rpm": { + "using-cpes": false, + "missing-epoch-strategy": "auto", + "use-cpes-for-eol": false } }, "fail-on-severity": "", @@ -7540,91 +7626,91 @@ "db": { "status": { "schemaVersion": "v6.1.3", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-22T00:33:09Z_1769062608.tar.zst?checksum=sha256%3Abb976529f6a6db747c14d727ecb87aaa4acf18abc9b6009598afd303ec4168a6", - "built": "2026-01-22T06:16:48Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.3_2026-01-27T00:27:58Z_1769494679.tar.zst?checksum=sha256%3A270cda27c950b74e72cbad3604be35c3fc7f4c12ce0be18420709b54063112ba", + "built": "2026-01-27T06:17:59Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:73fce9af6b3fd365" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:828ec6b2a89fde2e" }, "alpine": { - "captured": "2026-01-22T00:33:14Z", - "input": "xxh64:b84a37728d892129" + "captured": "2026-01-27T00:28:12Z", + "input": "xxh64:d63d5186142e82b6" }, "amazon": { - "captured": "2026-01-22T00:33:20Z", - "input": "xxh64:9b0390dcb293f703" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:b937f39bf9b948c3" }, "arch": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:ac05cb722795d7ed" + "captured": "2026-01-27T00:27:58Z", + "input": "xxh64:ebbc7187af1f8e94" }, "bitnami": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:e2895469b256c4dc" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:ada8a8e06bce4e77" }, "chainguard": { - "captured": "2026-01-22T00:33:11Z", - "input": "xxh64:9770a23f4fd9fdd2" + "captured": "2026-01-27T00:28:03Z", + "input": "xxh64:c68f1b84143217d0" }, "chainguard-libraries": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:a1966f5dc209b4f4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5f56fb987510fc1e" }, "debian": { - "captured": "2026-01-22T00:33:23Z", - "input": "xxh64:06da4ecaa6c412fe" + "captured": "2026-01-27T00:28:11Z", + "input": "xxh64:0da53a5e32e0aecd" }, "echo": { - "captured": "2026-01-22T00:33:09Z", - "input": "xxh64:c8eaeb167d56e35d" + "captured": "2026-01-27T00:28:32Z", + "input": "xxh64:87292d30981e4b64" }, "epss": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:650a874923fa6bef" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:2265fb49fc63caa4" }, "github": { - "captured": "2026-01-22T00:33:18Z", - "input": "xxh64:7501366322f70c74" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:5d35db26069179d3" }, "kev": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:474b6b1929d15ab4" + "captured": "2026-01-27T00:28:08Z", + "input": "xxh64:56da5c5188765a32" }, "mariner": { - "captured": "2026-01-22T00:33:16Z", - "input": "xxh64:b6982fbf34410a67" + "captured": "2026-01-27T00:28:05Z", + "input": "xxh64:5e2a84bf7e03acc0" }, "minimos": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8b364bf6ebcd17e1" + "captured": "2026-01-27T00:28:06Z", + "input": "xxh64:3dc73ed211de9574" }, "nvd": { - "captured": "2026-01-22T00:37:26Z", - "input": "xxh64:c70d9d3f646984e5" + "captured": "2026-01-27T00:32:38Z", + "input": "xxh64:a5214b9aa837870e" }, "oracle": { - "captured": "2026-01-22T00:33:17Z", - "input": "xxh64:d8684a53ad1547e1" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:ddbf592604bde1f5" }, "rhel": { - "captured": "2026-01-22T00:34:11Z", - "input": "xxh64:6be0e5e3aef59942" + "captured": "2026-01-27T00:29:39Z", + "input": "xxh64:87c50948404afdef" }, "sles": { - "captured": "2026-01-22T00:33:33Z", - "input": "xxh64:aa3b4327337d57be" + "captured": "2026-01-27T00:28:33Z", + "input": "xxh64:06269325800dcc4d" }, "ubuntu": { - "captured": "2026-01-22T00:33:43Z", - "input": "xxh64:672ddaa9a6e637e0" + "captured": "2026-01-27T00:30:02Z", + "input": "xxh64:78b619deea403a0f" }, "wolfi": { - "captured": "2026-01-22T00:33:13Z", - "input": "xxh64:8f95c8e5312fcfb4" + "captured": "2026-01-27T00:28:01Z", + "input": "xxh64:e454e5adcc921d23" } } } diff --git a/docs/security/oss/grype-4.2.2.md b/docs/security/oss/grype-4.2.2.md index c617994..72ddf8e 100644 --- a/docs/security/oss/grype-4.2.2.md +++ b/docs/security/oss/grype-4.2.2.md @@ -6,6 +6,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libtasn1-6 | 4.20.0-2 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | +| libc6 | 2.41-12 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.41-12 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.41-12 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | @@ -14,6 +15,7 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | | fluent-bit | 4.2.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-13034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13034) | Medium | +| libgnutls30t64 | 3.8.9-3 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30t64 | 3.8.9-3 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | @@ -54,5 +56,3 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libldap2 | 2.6.10+dfsg-1 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-10966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Negligible | -| libc6 | 2.41-12 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Unknown | -| libgnutls30t64 | 3.8.9-3 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Unknown |